Could someone make this command purpose clearer? Is this command still useful at all?
In cobbler/action_acl.py, I read:
"Configures acls for various users/groups so they can access the cobbler command line as non-root. Now that CLI is largely remoted (XMLRPC) this is largely just useful for not having to log in (access to shared-secret) file but also grants access to hand-edit various config files and other useful things."
Reading this, Cobbler CLI purpose becomes unclear to me. If it is supposed to be a Cobbler admin-only tool, it makes sense that is only accessibly by root user in the server. If it is supposed to be used by regular users, users should be able to run CLI from anywhere (eg their local workstations) and the CLI should connect to remote Cobbler server using XML-RPC interface.
Regards, Alan Evangelista
On 03/24/2014 10:54 PM, Alan Evangelista wrote:
Could someone make this command purpose clearer? Is this command still useful at all?
In cobbler/action_acl.py, I read:
"Configures acls for various users/groups so they can access the cobbler command line as non-root. Now that CLI is largely remoted (XMLRPC) this is largely just useful for not having to log in (access to shared-secret) file but also grants access to hand-edit various config files and other useful things."
Reading this, Cobbler CLI purpose becomes unclear to me. If it is supposed to be a Cobbler admin-only tool, it makes sense that is only accessibly by root user in the server. If it is supposed to be used by regular users, users should be able to run CLI from anywhere (eg their local workstations) and the CLI should connect to remote Cobbler server using XML-RPC interface.
Jörgen, could you please provide feedback about this?
At first sight, it seems to me that CLI should run from anywhere.
Regards, Alan Evangelista
Hey Alan,
Actually, i have no idea. Never used Cobbler cli as a regular user :S
Looking at the code; i suppose the most obvious use-case is that the cli is for the Cobbler admin only. There's no clean separation between client and server (importing the item_* stuff requires the complete server package)
Easiest way forward is to kill dead-code / features. Though it's probably nicer to separate client/server (also in packaging).
Is this something you want to work on? Do you have other use-cases for the cli?
On Wed, Apr 23, 2014 at 4:47 PM, Alan Evangelista <alanoe@linux.vnet.ibm.com
wrote:
On 03/24/2014 10:54 PM, Alan Evangelista wrote:
Could someone make this command purpose clearer? Is this command still useful at all?
In cobbler/action_acl.py, I read:
"Configures acls for various users/groups so they can access the cobbler command line as non-root. Now that CLI is largely remoted (XMLRPC) this is largely just useful for not having to log in (access to shared-secret) file but also grants access to hand-edit various config files and other useful things."
Reading this, Cobbler CLI purpose becomes unclear to me. If it is supposed to be a Cobbler admin-only tool, it makes sense that is only accessibly by root user in the server. If it is supposed to be used by regular users, users should be able to run CLI from anywhere (eg their local workstations) and the CLI should connect to remote Cobbler server using XML-RPC interface.
Jörgen, could you please provide feedback about this?
At first sight, it seems to me that CLI should run from anywhere.
Regards, Alan Evangelista
cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
I would expect Cobbler CLI to be used in this case: 1) Cobbler running on a headless server without a webserver 2) Admins shell into box to admin Cobbler or something like CFEngine/Puppet/Chef runs commands 3) Admin duties split among more than one Admins/Groups - for example groups could break along "bare metal OS provisioning", "repository acceptance and mirroring", and say "virtualization & power management" roles (never done that so I'm fakin' it here)
unless I'm not understanding "cli" - most cobbler examples are given in cli. Also, I don't think it is necessary (or wise) to run cobblerd under root - I've got a dedicated user, and maybe some of the web stuff is owned by the www user. I think the trend is to run things like cobbler in a container - isolating all those moving parts from the underlying system. Also, I have never thought of Cobbler as Client/Server - my experience is that everything must run on the same system. please tell me if otherwise.
**since top-posting is already amok here - I'm not fixing this - damn gmail - sorry
On Fri, Apr 25, 2014 at 11:34 PM, Jörgen Maas jorgen.maas@gmail.com wrote:
Hey Alan,
Actually, i have no idea. Never used Cobbler cli as a regular user :S
Looking at the code; i suppose the most obvious use-case is that the cli is for the Cobbler admin only. There's no clean separation between client and server (importing the item_* stuff requires the complete server package)
Easiest way forward is to kill dead-code / features. Though it's probably nicer to separate client/server (also in packaging).
Is this something you want to work on? Do you have other use-cases for the cli?
On Wed, Apr 23, 2014 at 4:47 PM, Alan Evangelista alanoe@linux.vnet.ibm.com wrote:
On 03/24/2014 10:54 PM, Alan Evangelista wrote:
Could someone make this command purpose clearer? Is this command still useful at all?
In cobbler/action_acl.py, I read:
"Configures acls for various users/groups so they can access the cobbler command line as non-root. Now that CLI is largely remoted (XMLRPC) this is largely just useful for not having to log in (access to shared-secret) file but also grants access to hand-edit various config files and other useful things."
Reading this, Cobbler CLI purpose becomes unclear to me. If it is supposed to be a Cobbler admin-only tool, it makes sense that is only accessibly by root user in the server. If it is supposed to be used by regular users, users should be able to run CLI from anywhere (eg their local workstations) and the CLI should connect to remote Cobbler server using XML-RPC interface.
Jörgen, could you please provide feedback about this?
At first sight, it seems to me that CLI should run from anywhere.
Regards, Alan Evangelista
cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
-- Grtz, Jörgen Maas
cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
On 04/27/2014 11:54 PM, Ed - 0x1b, Inc. wrote:
I would expect Cobbler CLI to be used in this case:
- Cobbler running on a headless server without a webserver
I do not know what "headless server" means. Anyway, I do not think Cobbler CLI would work in a server without a web server, as CLI accesses local Cobbler back-end via XML-RPC interface and the latter uses HTTP.
Also, I have never thought of Cobbler as Client/Server - my experience is that everything must run on the same system. please tell me if otherwise.
Currently, Cobbler frontend and backend code are mixed. I do not see an advantage in keeping this organization. It is a good programming practice to split frontend and backend to enhance flexibility and decrease redundancy. As I already mentioned before, one obvious benefit of splitting both in Cobbler case is that Cobbler CLI could then run from anywhere.
Regards, Alan Evangelista
On 04/26/2014 03:34 AM, Jörgen Maas wrote:
Hey Alan,
Actually, i have no idea. Never used Cobbler cli as a regular user :S
Looking at the code; i suppose the most obvious use-case is that the cli is for the Cobbler admin only. There's no clean separation between client and server (importing the item_* stuff requires the complete server package)
Easiest way forward is to kill dead-code / features. Though it's probably nicer to separate client/server (also in packaging).
Is this something you want to work on? Do you have other use-cases for the cli?
Yes, I already noticed there is no clean separation between client and server and I would like to fix that. I have no time for that right now, but I think I will have in the soon future.
Regards, Alan Evangelista
cobbler-devel@lists.fedorahosted.org
-
Alan Evangelista -
Ed - 0x1b, Inc. -
Jörgen Maas