10:26 a.m.
This is a post where I suggest work without any commitment to helping. I'm
sorry. :)
I'm trying to help someone here:
https://ask.fedoraproject.org/t/stuck-setting-up-a-local-file-server/18772
... where they're trying to set up an NFS/Samba share using Cockpit. That
seems like it _should_ be easy. Now, this particular person is new and
there's some basic concepts to work on first, but... also, it turns out
Cockpit doesn't actually have an included tool for doing that. This kind of
surprises me, but is also the kind of thing I just don't know because I'm
not a working sysadmin anymore. (I kind of miss it sometimes....)
I talked to Stephen Gallagher and this is something he was looking at but
doesn't have time for. There is a third-party add-on
https://github.com/45Drives/cockpit-file-sharing which looks pretty great,
but is specifically made for 45Drives, and may be difficult to generalize
and package for Fedora Server.
But that seems _really_ worth doing. Anyone interested in taking that on?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
11:36 a.m.
On ma, 29 marras 2021, Matthew Miller wrote:
This is a post where I suggest work without any commitment to helping.
I'm
sorry. :)
I'm trying to help someone here:
https://ask.fedoraproject.org/t/stuck-setting-up-a-local-file-server/18772
... where they're trying to set up an NFS/Samba share using Cockpit. That
seems like it _should_ be easy. Now, this particular person is new and
there's some basic concepts to work on first, but... also, it turns out
Cockpit doesn't actually have an included tool for doing that. This kind of
surprises me, but is also the kind of thing I just don't know because I'm
not a working sysadmin anymore. (I kind of miss it sometimes....)
I talked to Stephen Gallagher and this is something he was looking at but
doesn't have time for. There is a third-party add-on
https://github.com/45Drives/cockpit-file-sharing which looks pretty great,
but is specifically made for 45Drives, and may be difficult to generalize
and package for Fedora Server.
But that seems _really_ worth doing. Anyone interested in taking that on?
Just package their plugin. It uses existing Samba tools (net utility).
That would be a relatively simple starting point. It may need a somewhat
specific modification to work with all types of Samba configurations we
support but this is probably a next step.
For NFS it also uses a simple drop-in file mechanism so it should be
independent of anything else.
I do not think it has anything specific to 45Drives except their
branding.
--
/ Alexander Bokovoy
11:38 a.m.
On Mon, Nov 29, 2021 at 07:36:22PM +0200, Alexander Bokovoy wrote:
>But that seems _really_ worth doing. Anyone interested in taking
that on?
Just package their plugin. It uses existing Samba tools (net utility).
That would be a relatively simple starting point. It may need a somewhat
specific modification to work with all types of Samba configurations we
support but this is probably a next step.
Stephen said that he looked and it seems to have some other dependencies?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
11:46 a.m.
On ma, 29 marras 2021, Matthew Miller wrote:
On Mon, Nov 29, 2021 at 07:36:22PM +0200, Alexander Bokovoy wrote:
> >But that seems _really_ worth doing. Anyone interested in taking that on?
>
> Just package their plugin. It uses existing Samba tools (net utility).
> That would be a relatively simple starting point. It may need a somewhat
> specific modification to work with all types of Samba configurations we
> support but this is probably a next step.
Stephen said that he looked and it seems to have some other dependencies?
I do not see anything else beyond cockpit, samba, and python3.
--
/ Alexander Bokovoy
12:48 p.m.
On Mon, Nov 29, 2021 at 12:47 PM Alexander Bokovoy
<abbra(a)fedoraproject.org> wrote:
On ma, 29 marras 2021, Matthew Miller wrote:
>On Mon, Nov 29, 2021 at 07:36:22PM +0200, Alexander Bokovoy wrote:
>> >But that seems _really_ worth doing. Anyone interested in taking that on?
>>
>> Just package their plugin. It uses existing Samba tools (net utility).
>> That would be a relatively simple starting point. It may need a somewhat
>> specific modification to work with all types of Samba configurations we
>> support but this is probably a next step.
>
>
>Stephen said that he looked and it seems to have some other dependencies?
I do not see anything else beyond cockpit, samba, and python3.
It has been a while since last I looked at it, so it's possible I was
confusing this with the Ceph setup tool, which definitely has
45Drives-isms in it. I'll have another look at the file-sharing
extension sometime this week, if time permits.
12:57 p.m.
On Mon, Nov 29, 2021 at 07:46:14PM +0200, Alexander Bokovoy wrote:
>Stephen said that he looked and it seems to have some other
dependencies?
I do not see anything else beyond cockpit, samba, and python3.
Yep and I just tried it and it worked. I had to manually add `include =
registry` to `[global]` in `/etc/samba/smb.conf`.
Would that be something that might be appropriate to make the default?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
1:22 p.m.
On ma, 29 marras 2021, Matthew Miller wrote:
On Mon, Nov 29, 2021 at 07:46:14PM +0200, Alexander Bokovoy wrote:
> >Stephen said that he looked and it seems to have some other dependencies?
>
> I do not see anything else beyond cockpit, samba, and python3.
Yep and I just tried it and it worked. I had to manually add `include =
registry` to `[global]` in `/etc/samba/smb.conf`.
Would that be something that might be appropriate to make the default?
No. It is something that is used for a particular setup where
administrator (or a solution designed) knows what they are doing.
FreeIPA uses this mode, for example.
But for normal users who barely understand what to do with smb.conf,
enabling registry becomes a source of issues.
I also don't think we tested registry with Samba AD configuration.
--
/ Alexander Bokovoy
1:34 p.m.
On Mon, Nov 29, 2021 at 1:57 PM Matthew Miller <mattdm(a)fedoraproject.org> wrote:
On Mon, Nov 29, 2021 at 07:46:14PM +0200, Alexander Bokovoy wrote:
> >Stephen said that he looked and it seems to have some other dependencies?
>
> I do not see anything else beyond cockpit, samba, and python3.
Yep and I just tried it and it worked. I had to manually add `include =
registry` to `[global]` in `/etc/samba/smb.conf`.
Would that be something that might be appropriate to make the default?
Playing around with it, this tool also appears to only understand
users that are returned by `getpwent()` calls (which means that
network users served by SSSD would not be visible unless
`enumerate=True` is set, which is a performance hit). I might look
into patching this to allow a user to be specified directly.
Alexander: Does samba have a drop-file configuration anywhere? So we
could specify `include = registry` when this Cockpit plugin is
installed, but not otherwise?
12:13 a.m.
Hello all,
Stephen Gallagher [2021-11-29 14:34 -0500]:
Alexander: Does samba have a drop-file configuration anywhere? So we
could specify `include = registry` when this Cockpit plugin is
installed, but not otherwise?
IMHO this is generally not a good idea. Merely installing a (mostly unrelated)
package should not unexpectedly reconfigure existing running services. The docs
[1] don't really clarify the impact, but at least the "automatically activates
registry shares" sounds like possibly unexpected fallout, and may violate the
"least surprise" principle?
Pitti
[1] https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#INCLUDE
12:45 a.m.
On ti, 30 marras 2021, Martin Pitt wrote:
Hello all,
Stephen Gallagher [2021-11-29 14:34 -0500]:
> Alexander: Does samba have a drop-file configuration anywhere? So we
> could specify `include = registry` when this Cockpit plugin is
> installed, but not otherwise?
IMHO this is generally not a good idea. Merely installing a (mostly unrelated)
package should not unexpectedly reconfigure existing running services. The docs
[1] don't really clarify the impact, but at least the "automatically activates
registry shares" sounds like possibly unexpected fallout, and may violate the
"least surprise" principle?
I agree with Martin. In addition, Samba does not have a drop-file configuration
mechanism. There is 'include' option that allows to include files but it
cannot take wildcards, so this is not a drop-in variant handling.
--
/ Alexander Bokovoy
12:59 p.m.
On Tue, Nov 30, 2021 at 07:13:45AM +0100, Martin Pitt wrote:
Stephen Gallagher [2021-11-29 14:34 -0500]:
> Alexander: Does samba have a drop-file configuration anywhere? So we
> could specify `include = registry` when this Cockpit plugin is
> installed, but not otherwise?
IMHO this is generally not a good idea. Merely installing a (mostly
unrelated) package should not unexpectedly reconfigure existing running
services. The docs [1] don't really clarify the impact, but at least the
"automatically activates registry shares" sounds like possibly unexpected
fallout, and may violate the "least surprise" principle?
I think the alternative would be for the Cockpit plugin to, instead of
telling users to edit the config file by hand, have a button to _just do
it_. I don't like munging config files, though (so fragile!), so:
It looks from
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#INCLUDE
that although it doesn't have a drop-in file option, the include option
_normally_ means "literally include a file here as though typed in place",
and for some probably-too-clever-but-oh-well reason, "include = registry"
has a special meaning.
I can think of several things we could do with this, but if we don't want
surprising behavior, we could have [global] include
include = /etc/samba/cockpit.conf
in the standard package. I don't know how samba behaves if files are
missing, but if it doesn't cause errors, that file could just be not there
by default. Or, if it needs to have something, could just contain a
commment. Then, the Cockpit tool could then replace just that file
(either directly or with a symlink) when you press a button. (Samba server
doesn't start by default, so that button could also enable the service?)
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
2:25 p.m.
On Tue, Nov 30, 2021 at 01:59:50PM -0500, Matthew Miller wrote:
in the standard package. I don't know how samba behaves if files
are
missing, but if it doesn't cause errors, that file could just be not there
by default. Or, if it needs to have something, could just contain a
commment. Then, the Cockpit tool could then replace just that file
(either directly or with a symlink) when you press a button. (Samba server
doesn't start by default, so that button could also enable the service?)
Actually -- let me take that a step further... or maybe back.
If Samba isn't installed on the host, you get:
Failed to load Samba services. Is Samba installed or enabled?
Or maybe it says "SMB". This is from memory. And anyway similar for NFS.
It would be nice if that were instead a button (or wizard) that installed
the necessary packages.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
2:42 p.m.
On Tue, Nov 30, 2021 at 3:26 PM Matthew Miller <mattdm(a)fedoraproject.org> wrote:
On Tue, Nov 30, 2021 at 01:59:50PM -0500, Matthew Miller wrote:
> in the standard package. I don't know how samba behaves if files are
> missing, but if it doesn't cause errors, that file could just be not there
> by default. Or, if it needs to have something, could just contain a
> commment. Then, the Cockpit tool could then replace just that file
> (either directly or with a symlink) when you press a button. (Samba server
> doesn't start by default, so that button could also enable the service?)
Actually -- let me take that a step further... or maybe back.
If Samba isn't installed on the host, you get:
Failed to load Samba services. Is Samba installed or enabled?
Or maybe it says "SMB". This is from memory. And anyway similar for NFS.
It would be nice if that were instead a button (or wizard) that installed
the necessary packages.
All of this is certainly *nice*, but it's moving the goalposts quite a
ways beyond "package cockpit-file-sharing for Fedora"...
We've already established that time is at a premium for those who are
interested in doing this... I suggest that adding new requirements as
we go is probably NOT a good idea if we ever want to see it land.
Something functional-but-needs-manual-tweaks is still better than
nothing at all.
4:15 p.m.
On Tue, Nov 30, 2021 at 03:42:25PM -0500, Stephen Gallagher wrote:
> Or maybe it says "SMB". This is from memory. And
anyway similar for NFS.
> It would be nice if that were instead a button (or wizard) that installed
> the necessary packages.
All of this is certainly *nice*, but it's moving the goalposts quite a
ways beyond "package cockpit-file-sharing for Fedora"...
Yeah, sorry -- please don't block.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
8:06 a.m.
On Tue, Nov 30, 2021 at 05:15:13PM -0500, Matthew Miller wrote:
> All of this is certainly *nice*, but it's moving the
goalposts quite a
> ways beyond "package cockpit-file-sharing for Fedora"...
Yeah, sorry -- please don't block.
So anyway. :) I'm hoping we can:
1. Get the thing packaged as is.
2. Get `include = /etc/samba/cockpit.conf` in the samba config, if
that is possible.
3. Find someone interested in the enhancements (buttons to install and
enable necessary packages, followed by a button to explicitly enable
the above config)
Alexander, how does samba respond if there's an include file which just
isn't there?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
1:01 p.m.
On Thu, Dec 9, 2021 at 9:06 AM Matthew Miller <mattdm(a)fedoraproject.org> wrote:
On Tue, Nov 30, 2021 at 05:15:13PM -0500, Matthew Miller wrote:
> > All of this is certainly *nice*, but it's moving the goalposts quite a
> > ways beyond "package cockpit-file-sharing for Fedora"...
> Yeah, sorry -- please don't block.
So anyway. :) I'm hoping we can:
1. Get the thing packaged as is.
Out for review:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2030814
10:06 p.m.
On Thu, Dec 09, 2021 at 02:01:40PM -0500, Stephen Gallagher wrote:
> 1. Get the thing packaged as is.
Out for review:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2030814
Comments in bug -- it bundles some things we should drop. I think it's
sufficient to just remove them in the %prep part of the specfile -- it's not
a like a codec issue where we need to clean the source, just, like, it
includes fontawesome.
Mostly this is easy, except there's a "file-sharing-patternfly.css.gz".
I know you're doing this as a total aside on top of other things, so I'm
hoping someone else is inspired to step in and take a crack at the next
steps.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
10:30 a.m.
On Mon, Dec 13, 2021 at 11:06:11PM -0500, Matthew Miller wrote:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2030814
Comments in bug -- it bundles some things we should drop. I think it's
sufficient to just remove them in the %prep part of the specfile -- it's not
a like a codec issue where we need to clean the source, just, like, it
includes fontawesome.
Mostly this is easy, except there's a "file-sharing-patternfly.css.gz".
I've updated https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2030814
with a spec file which removes all of the bundling except the above.
Suggestions, anyone?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
2:43 p.m.
On ti, 30 marras 2021, Matthew Miller wrote:
On Tue, Nov 30, 2021 at 07:13:45AM +0100, Martin Pitt wrote:
> Stephen Gallagher [2021-11-29 14:34 -0500]:
> > Alexander: Does samba have a drop-file configuration anywhere? So we
> > could specify `include = registry` when this Cockpit plugin is
> > installed, but not otherwise?
>
> IMHO this is generally not a good idea. Merely installing a (mostly
> unrelated) package should not unexpectedly reconfigure existing running
> services. The docs [1] don't really clarify the impact, but at least the
> "automatically activates registry shares" sounds like possibly unexpected
> fallout, and may violate the "least surprise" principle?
I think the alternative would be for the Cockpit plugin to, instead of
telling users to edit the config file by hand, have a button to _just do
it_. I don't like munging config files, though (so fragile!), so:
It looks from
https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#INCLUDE
that although it doesn't have a drop-in file option, the include option
_normally_ means "literally include a file here as though typed in place",
and for some probably-too-clever-but-oh-well reason, "include = registry"
has a special meaning.
I can think of several things we could do with this, but if we don't want
surprising behavior, we could have [global] include
include = /etc/samba/cockpit.conf
in the standard package. I don't know how samba behaves if files are
missing, but if it doesn't cause errors, that file could just be not there
by default. Or, if it needs to have something, could just contain a
commment. Then, the Cockpit tool could then replace just that file
(either directly or with a symlink) when you press a button. (Samba server
doesn't start by default, so that button could also enable the service?)
I don't like this approach, it mixes too much of Cockpit-specific
assumptions here into the configuration that should be as neutral as
possible.
This whole plugin would only work for a simple file server with
password-based authentication. It will not work when Samba AD is
configured on the system (Samba AD does not support 'include =
registry'), it will not work without changes with Samba file server as a
member of FreeIPA or Active Directory domain.
Adding non-existing include file does create a lot of noise -- every
time Samba tools would parse configuration file. This would happen every
three minutes if any of Samba daemons configured to run -- for example,
if winbindd is configured to join an Active Directory domain, where
otherwise one would not even use smbd, just winbindd.
If you want to control smb.conf from this Cockpit plugin, then doing a
backup of existing smb.conf and clearly identifying what will be changed
in the configuration is needed. E.g. 'After pressing the button below,
your smb.conf will be backed up and registry configuration will be
enabled' -- after checking that existing smb.conf is compatible with
your mode of operation (e.g. that it does not have any of incompatible
server roles).
This all smells like a dedicated project in itself. We have been working
on a Cockpit plugin for Samba AD configuration upstream as a part of a
Google Summer of Code few years ago but didn't get that code to
production quality yet. There are not enough resources to dedicate to
this work either upstream or downstream (both Fedora and RHEL).
--
/ Alexander Bokovoy
4:18 p.m.
On Tue, Nov 30, 2021 at 10:43:24PM +0200, Alexander Bokovoy wrote:
I don't like this approach, it mixes too much of
Cockpit-specific
assumptions here into the configuration that should be as neutral as
possible.
Okay, fair enough.
in the configuration is needed. E.g. 'After pressing the button
below,
your smb.conf will be backed up and registry configuration will be
enabled' -- after checking that existing smb.conf is compatible with
your mode of operation (e.g. that it does not have any of incompatible
server roles).
How about just back up and _replace_ the smb.conf a whole new one, noting
clearly that automatic configuration in this way will do that, and that if
you want to have it do more complicated things, you'll need to handle it by
hand.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
654
days inactive
670
days old
server@lists.fedoraproject.org
19 comments
4 participants
participants (4)
-
Alexander Bokovoy -
Martin Pitt -
Matthew Miller -
Stephen Gallagher