[Server-devel] Fwd: XS server addons

David Van Assche dvanassche at gmail.com
Wed Aug 6 01:51:18 EDT 2008


Not drag this on too much longer :-) but just wanted to clarify/ask a
couple things...

On Tue, Aug 5, 2008 at 3:50 PM, Martin Langhoff
<martin.langhoff at gmail.com> wrote:
> On Tue, Aug 5, 2008 at 9:38 PM, David Van Assche <dvanassche at gmail.com> wrote:
>>> 1 - I'll incorporate them into xs-config :-)
>>> 2 - don't have to hack the network startup scripts to remove the part
>>> that reloads rules
>>> 3 - you don't have to redo the in step 2 hack with every upgrade - as
>>> xs-config updates will nuke your changes
>>
>> The main reason for shorewall is traffic shaping... its the only
>
> Get SW to spit out a nice traffic shaping ruleset, clean it up, and we
> can see if it can be merged into network_config
>
>> Anyway, shorewall is already a done deal for us and works wonderfully...
>
> Reread my notes above - an XS update will probably kill it, and you
> won't be around to help fix it. It's not that SW is not good - I've
> used it myself quite happily - but that it is not a sustainable move.

I fail to see how an update will kill it. Shorewall works
independently from iptables allowing its rules to work along side
it... All the config files are in /etc/shorewall, which Im sure
xs-config wont touch...

>> Would u care to elaborate on how to do this
>
> I've outlined two options. Pick one, yum install the packages and read
> the man pages :-)

I will try, but what takes you seconds to do, will take me days :-)

>
> Bad juju with openldap. Very bad.

Ok, point taken, I'll forget about ldap...


> It's not just Webmin: any "administration" program, web-based or not -
> is *not* recommended on a XS. And by that I mean "the next yum update
> very likely leave the machine in non-working state".
>
> xs-config is a bit nasty ATM, but even if we make it better, it wil
> _never_ interact well with a webmin-type app. Sorry. Life is hard like
> that.

Ok, lets look at this a bit more closely. What I have in mind is using
just a few of the webmin modules... By default, webmin will not touch
or modify ANY configuration files. Unlike ebox which takes over the
machine ruthlessly, webmin simply puts up a web based control panel
from which u modify the very same files that u would manually modify
in /etc. Now I understand that the XS has its configuration files in
several different places, but it wouldn't be too hard to work with
this and get just the webmin modules we need to work symbiotically.
For instance, these modules will not affect xs-config as far as I can
tell:

- dansguardian
- squid (or will it?)
- users/groups
- shorewall
- disk usage

Obviously, anything that shouldnt be touched like DNS, networking,
etc, we simply don't even include... what do u think? Testing this
hypothesis is also an option...


More information about the Server-devel mailing list