Proposal for the Server Role API

Thomas Woerner twoerner at redhat.com
Tue Jun 3 11:56:58 UTC 2014 

On 06/02/2014 08:51 AM, Marius Vollmer wrote:
> Thomas Woerner <twoerner at redhat.com> writes:
>
> Some question that I had on first reading.  Hopefully they can help to
> improve the API, although most of them are obvious and you probably have
> thought of them already.
>
>> org.fedoraproject.ServerRoleManager1
>> ------------------------------------
>>
>> Properties
>>
>>     version:s                # server role manager version
>>     state:s                  # active/inactive/dead?
>>     roles:ao                 # role objects list
>>
>> Methods
>>
>>     getRole(role:o)→o        # get role by object
>
> What is the input object?  On first glance, this looks like the identity
> function, no? :)
>
This one is not needed. I am removing it.

>>     getNamedRole(name:s)→o   # get role by name
>>     getActiveRoles()→ao      # get active role object list
>
> What is "active", exactly?  Is it the same as state == "started"?
>
Yes, active was meant for started state.

We might extend this to getRoleByState(state:s)→ao. What do you think?

>> org.fedoraproject.ServerRoleManager1.roles.$n
>
> What is the $n here?  Is it the version of the interface?  (If we
> specify a concrete API, we just need one name.  Role specific APIs
> should be separate interfaces on the same object.)
>
$n is a number, because D-Bus only supports a limited character set here.

>> ---------------------------------------------
>>
>> Properties (general)       # role settings
>>
>>     name:s (ro)              # role name
>>     version:s (ro)           # role version
>>     state:s (ro)             # deployed/started/inactive/dead?
>
> What is the state before the role is deployed?
>
> Changing state is not instantanous.  Can I see when a role is currently
> being deployed (and how long that is still estimated to take)?
>
> I guess a role can also be in a "failed" state, where it is supposed to
> be active/started but something has gone wrong.
>
The full set of states need to be defined still.

>>     activate_time:i (ro)     # time of activation
>>     deploy_time:i (ro)       # time of deployment
>>     is_configured:b (ro)     # is this role configured?
>
> What does "configured" mean?  It's not the same as "active" or
> "started", right?  Can I start a unconfigured role?  Could this be a
> state?
>
The user has added configuration options. This was mentioned after the 
proposal from Stephen.

Please define all properties, that might be useful.

>>     packages:as (ro)         # packages and @groups
>>     services:a{sas} (ro)     # services to be enabled and/or started:
>> "enable": [s] and "start": [s]
>>     firewall:a{sas} (ro)     # firewall dict ports: [s] and service: [s]
>>     #backup_paths:as         # backup files and directories (directory
>> trailing slash it means "everything below here")
>>     # ...                    # custom settings, passwords as key value pairs
>
> It might not a good idea to put sensitive data like passwords into
> properties.  The common practise seems to be to have a separate method
> to return the secrets.  This is probably done to make implementing
> access control easier, but I am not sure.
>
Stephen, do you have a solution for this?

>> Methods
>>
>>     deploy()                 # deploy role (i.e. running initial setup
>> post-package-install, ipa-server-install)
>
> How can I cancel?
>
Cancel while deploying? It was not planned for this now. Otherwise see 
decommission.

>>     decommission()           # decommision (example: moved to another
>> machine, ipa-server-install -u ), stop if started
>>
>>     start()                  # start the role (startServices,
>> installFirewall), fails if not deployed
>>     stop()                   # stop the role (stopServices,
>> uninstallFirewall), fails if not started
>>
>>     updateRole()             # update role: yum update; restartServices;
>> updateFirewall
>
> How can I see whether an update for the role is available?
>
The updateFirewall call will for example be used if there is an role 
update. There is no mechanism to detect updates for now. Please define it.

>>     reconfigureRole(a{sv})   # reconfgure role with new config settings
>> as key value pairs
>
> A role could specific which program to run to do a interactive
> configuration.  For terminal, for a graphical session, and for Cockpit
> (by specifying a module that Cockpit will load).
>
As far as I know interactive configuration is not a goal for now.

>>     installPackages()        # install packages and groups
>>     #uninstallPackages()     # uninstall packages and groups, fails if
>> deployed - not initially
>>
>>     startServices()          # start the services
>>     restartServices()        # restart the services
>>     stopServices()           # stop the services
>>
>>     installFirewall()        # install firewall ports/services
>>     updateFirewall()         # update firewall ports/services
>>     uninstallFirewall()      # uninstall firewall ports/services
>
> Is there anything more to these than convenience?  E.g., can I just take
> the 'packages' properties and use it with the package management API of
> my choice?  If we already have a good UI for the package management API,
> with highly polished progress reporting and error handling, say, it is
> probably better to just use it instead of trying to polish this API to
> the same level.
>
I do not know. Stephen?

> Thanks!
> _______________________________________________
> server mailing list
> server at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/server
>
Thomas

More information about the server mailing list