[Server-devel] RFC - command server

Tim Moody tim at timmoody.com
Mon Sep 29 15:22:46 EDT 2014


Because I want to get to a place where running ansible and loading content can be managed through an admin gui, I have started thinking about a command server, a sort of callable job queue.

I want to give certain admin users the ability to launch commands which run as root and may be long-running.  Such commands should survive a restart and it should be possible to monitor progress.

I am leaning towards the following approach:

1. A command server based on ZeroMQ implemented as a systemd service which is always running as root.
2. Input to the command server is through a unix domain socket which is owned by root and rw only for anyone in a group whose members are apache and probably xsce-admin.
3. The command server uses sqlite for persistent storage owned by root and rw by owner.  Probably the schema distinguishes between command requests and jobs.
4. A php or python script invoked by an ajax call from the admin gui invokes a command on the command server. The gui would be user/password protected.
5. The command server parses the request and checks if it has already been requested.
If the command is new:
6. The command server logs the command into persistent storage and immediately returns a response with probably OK or Error depending.
7. It translates it into a shell command based on internal logic.  It NEVER simply executes a command it gets from the gui.
8. The command server forks a child which runs the appropriate command in background, returns its pid, and terminates.  The pid is put in persistent storage.
If the command is a duplicate:
9. The command server verifies that the command is running and to the extent possible its percent of completion and returns status to the caller.
10. There would also be status commands to return a list of current jobs or status of an active job and perhaps jobs marked active that are not running.
11. If the command server crashes or the system is restarted, the command server attempts to restart active jobs.

Possible commands are:

rsync-iiab-content – copy various iiab files to their destination in /library.  The source is a parameter, but not the destination to keep from copying malware into /usr/bin, etc.  Some attempt would also be made to verify the source to prevent malicious content.
rsync-rachel-content – similar
rsync-kiwix-content – the list could grow
runtag
runansible
reboot

Tim
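
Steps 5 to 7 and the rsync-iiab-content rule above, as an added example that is not part of the original post or of the project's code: the request name selects a server-side argv builder, only the source is caller-supplied, and duplicates are detected in sqlite. The /media source root, the table layout, the systemctl reboot mapping and all function names are assumptions; forking the returned argv is left to the caller.

```python
import json
import os
import sqlite3

SOURCE_ROOT = "/media"  # assumption: where removable media is mounted
DEST = "/library/"      # fixed by the server, never taken from the request

def rsync_argv(params):
    """Build the rsync argv; only the source comes from the caller."""
    source = params.get("source")
    if not isinstance(source, str) or not source:
        raise ValueError("missing source")
    root = os.path.realpath(SOURCE_ROOT)
    src = os.path.realpath(source)  # collapses ../ and resolves symlinks
    if not src.startswith(root + os.sep):
        raise ValueError("source outside " + SOURCE_ROOT)
    # "--" ends option parsing, so the source can never be read as a flag
    return ["rsync", "-a", "--", src + "/", DEST]

def reboot_argv(params):
    if params:
        raise ValueError("reboot takes no parameters")
    return ["systemctl", "reboot"]

# Request name -> argv builder: the only things the server will ever run.
COMMANDS = {"rsync-iiab-content": rsync_argv, "reboot": reboot_argv}

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS jobs (argv TEXT PRIMARY KEY,"
               " name TEXT, pid INTEGER, state TEXT)")
    return db

def submit(db, name, params):
    """Return (status, detail); detail is the argv to fork only when status is OK."""
    builder = COMMANDS.get(name)
    if builder is None or not isinstance(params, dict):
        return "ERROR", "unknown command or malformed parameters"
    try:
        argv = builder(params)
    except ValueError as exc:
        return "ERROR", str(exc)
    key = json.dumps(argv)  # canonical form, so equivalent requests collide
    row = db.execute("SELECT state FROM jobs WHERE argv = ?", (key,)).fetchone()
    if row:
        return "DUPLICATE", row[0]
    db.execute("INSERT INTO jobs VALUES (?, ?, NULL, 'queued')", (key, name))
    db.commit()
    return "OK", argv
```

Because the argv is passed as a list and never through a shell, metacharacters in the source have no effect, and the pid column is filled in once the caller has forked the job.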