[Server-devel] Fwd: XS server addons

Martin Langhoff martin.langhoff at gmail.com
Wed Aug 6 02:43:50 EDT 2008


On Wed, Aug 6, 2008 at 5:51 PM, David Van Assche <dvanassche at gmail.com> wrote:
> I fail to see how an update will kill it. Shorewall works
> independently from iptables allowing its rules to work alongside
> it... All the config files are in /etc/shorewall, which I'm sure
> xs-config won't touch...

xs-config is loading its own fw configuration, which will evolve to
include quite a few rules that overlap with the shorewall rules. I'm
not sure which one gets loaded first. It will be a matter of time
until it blows up.

To keep this conversation constructive I need you to think deeply
about these things long term. For example, in the face of my earlier
email, some of the questions facing you are:

 - what will happen when the stock config of the xs brings in a set of
iptables rules that define conflicting rules for the same packet?
 - what if we get custom chains with conflicting names? what if the default
policies don't match?
 - do we even know which one gets loaded first? reloaded? torn down?

I can add subtler ones like: "will shorewall adapt to adding/removing
interfaces the same way as the network_config scripts do?".

> For instance, these modules will not affect xs-config as far as I can
> tell:

Odd interactions with local configurations I am recommending you don't
do are... well... not supported. I can - and will - help you lots as
long as you are heading in a direction that makes sense with where the
XS is going. For bespoke configurations, well, I can only say:
minimise them or fear the upgrade.

So given that you cannot predict what configs will interact badly with
future updates and what configs will just be overwritten, my
recommendations are

 - change the least possible
 - keep the config files you change under version control
 - plan each upgrade carefully - test it first on a complete clone of
the XS (a hd clone, with all the real data) to see what breaks, and be
prepared to apply the fixes

Every service you get ahead of time from the main XS development track
is something you will need to understand *in depth* to be able to get
"in sync" with when the XS implements it. For example, you are talking
about a custom config of moodle - fantastic. However when the XS does
include moodle, it will probably overwrite your Moodle installation --
hint: don't put it in var/www/moodle, don't call the database moodle
or xsmoodle :-) -- and have things configured *very* differently. It
will be significant work to understand and migrate your data from your
early moodle to the "xs moodle" - work I cannot help you with.

On the other hand, you could decide that you'll reinstall everything
once the XS images are more featureful. In that case, *go wild* :-)

cheers,


m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
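
The overlap questions raised in the message above (conflicting rules for the same packet, clashing custom chain names, mismatched default policies) can be checked mechanically before an upgrade. The following is an added example, not part of the original message and not code from xs-config or Shorewall: it compares two dumps in `iptables-save` format, and the sample dumps, chain names and function names are constructed for illustration.

```python
import shlex

# Constructed iptables-save dumps standing in for what each tool would load.
XS_DUMP = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:logdrop - [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A logdrop -j DROP
COMMIT
"""
SHOREWALL_DUMP = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:logdrop - [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP
-A logdrop -j LOG
COMMIT
"""

def parse(dump):
    """Map table -> {'policy': {chain: policy}, 'custom': set, 'rules': {(chain, match): target}}."""
    tables, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "custom": set(), "rules": {}})
        elif cur and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            if policy == "-":  # user-defined chains carry no default policy
                cur["custom"].add(chain)
            else:
                cur["policy"][chain] = policy
        elif cur and line.startswith("-A "):
            tok = shlex.split(line)
            if "-j" in tok:
                j = tok.index("-j")
                # Keep the first rule seen for a given chain and match.
                cur["rules"].setdefault((tok[1], tuple(tok[2:j])), tok[j + 1])
    return tables

def conflicts(a, b):
    """List (kind, table, chain, value_a, value_b) where the two rule sets overlap or disagree."""
    out = []
    for t in sorted(a.keys() & b.keys()):
        pa, pb, ra, rb = a[t]["policy"], b[t]["policy"], a[t]["rules"], b[t]["rules"]
        out += [("policy", t, c, pa[c], pb[c]) for c in sorted(pa.keys() & pb.keys()) if pa[c] != pb[c]]
        out += [("chain-name", t, c, None, None) for c in sorted(a[t]["custom"] & b[t]["custom"])]
        out += [("rule", t, k[0], ra[k], rb[k]) for k in sorted(ra.keys() & rb.keys()) if ra[k] != rb[k]]
    return out
```

Calling `conflicts(parse(XS_DUMP), parse(SHOREWALL_DUMP))` reports the FORWARD policy mismatch, the shared `logdrop` chain name, and the two rules whose identical match leads to different targets.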

