Importing configuration data¶

Although eBox UI interface greatly eases the system administrator work, some configuration tasks through the interface can be tedious if you have to perform them a large number of times. For example, adding 100 new user accounts or enabling an e-mail account for all of them could be one of these tasks.

These tasks can be automated easily through the Application Programming Interface (API) which is provided by eBox. You only need a basic knowledge of Perl [1], and to know the public methods exposed by the eBox modules you want to use. In fact, eBox web interface uses the same programming interface.

An example on how to create a small utility is shown below, using the eBox API to automatically add an arbitrary number of users defined in a Comma Separated Values (CSV) file

#!/usr/bin/perl

use strict;
use warnings;

use EBox;
use EBox::Global;

EBox::init();
my $usersModule = EBox::Global->modInstance('users');

my @users;
open (my $USERS, 'users');

while (my $line = <$USERS>) {
    chomp ($line);
    my $user;
    my ($username, $givenname, $surname, $password) = split(',', $line);
    $user->{'user'} = $username;
    $user->{'givenname'} = $givenname;
    $user->{'surname'} = $surname;
    $user->{'password'} = $password;
    push (@users, $user);
}
close ($USERS);

foreach my $user (@users) {
    $usersModule->addUser($user, 0);
}

1;

Save the file with the name bulkusers and grant it execution permission using the following command: chmod +x bulkusers.

Before running the script, you must have a file called users in the same directory. The appearance of this file should be as follows:

jfoo,John,Foo,jfoopassword,
jbar,Jack,Bar,jbarpassword,

Finally, you must be in the directory where files are placed and run:

sudo ./bulkusers

This section has shown a small example of task automation using the eBox API, but the possibilities are almost unlimited.

Service Advanced Customization¶

This section discusses two options for system customization for those users with special requirements:

• Tailor service configuration files managed by eBox Platform.
• Perform actions in the process of saving changes in configuration.

When a module is responsible for automatically setting up a service, it tries to cover the most common configuration options. Furthermore, there are cases where there are so many configuration settings that it would be impossible for eBox to control them all. In addition to this, one of the eBox platform goals is simplicity. However, there are users who want to adjust some of those unhandled parameters to adapt eBox to their requirements. One of the possibilities is editing directly the configuration files which handle the service.

Before deciding to modify manually a configuration file, you must understand how eBox works internally. The eBox modules, once enabled, overwrite the original system configuration files for the services they manage. They do this through templates that essentially contain the basic structure of a typical configuration file for the service. However, some of their parts are parameterized through variables. The values of these variables are assigned before overwriting the file, taken from the configuration previously set using the eBox web interface.

How the configuration template system works

Therefore, if you want to make your changes persistent, and prevent them from being overwritten every time eBox saves changes, you must edit such templates instead of system configuration files. Those templates are in /usr/share/ebox/stubs and their names are the original configuration file names plus the .mas extension.

It should be remembered that although we make these changes in templates, those changes will be lost if an upgrade is performed. Installing a new module version will overwrite all template files. Thus it is recommended to keep a backup copy of your modifications in order to restore them after the upgrade.

It is possible that you need to perform certain additional actions while eBox is saving changes instead of customizing configuration files. For example, when eBox saves changes related to the firewall, the first thing the firewall module does is to remove all existing rules, and then add the ones configured in eBox. If you manually add a custom iptables rule that is not covered by eBox interface, it will disappear when saving firewall module changes. To prevent that, eBox let us run scripts while the saving changes process is being performed. There are six points during the process when you may execute those scripts, also known as hooks. Two of them are general and the remainder 4 ones are per module:

Before saving changes:

In /etc/ebox/pre-save directory all scripts with running permissions are run before starting the save changes process.

After saving changes:

Scripts with running permissions in /etc/ebox/post-save directory are executed when the process is finished.

Before saving module configuration:

Writing /etc/ebox/hooks/<module>.presetconf file being <module> the module name you want to tailor, the hook is executed prior to overwriting the module configuration. It is the ideal time to modify configuration templates from a module.

After saving module configuration:

/etc/ebox/hooks/<module>.postsetconf file is executed after saving <module> configuration.

Before restarting the service:

/etc/ebox/hooks/<module>.preservice is executed. This script could be useful to load Apache modules, for instance.

After restarting the service:

/etc/ebox/hooks/<module>.postservice is executed. In the firewall case, all the extra rules must be added here.

As you can imagine, these operations have a great potential and allow you to highly customize eBox operation in order to be better integrated with the rest of the system.

Environment for new modules development¶

This chapter has shown how to resolve some of the configuration limitations from eBox modules. But it is possible that modules provided by eBox may not cover all our needs. This is a big deal, since eBox is designed to have extensibility in mind and it is relatively simple to create new modules.

Anyone with Perl language knowledge may take advantage of the eBox framework to create web interfaces, and also benefit from the integration with the rest of the modules and the common features from the vast eBox library.

eBox design is completely object-oriented and it takes advantage of the Model-View-Controller (MVC) design pattern [2], so the developer only needs to define those features required by the data model. The remaining parts are generated automatically by eBox. As if this was not enough, a development tool called emoddev [3] is provided to ease much more the development of new modules, auto-generating templates depending on the parameters provided by the user. This is a great time saver, however, its explanation and development is out of the scope of this course.

eBox is designed to be installed on a dedicated machine. This recommendation is also extended to the developing scheme. Developing on the same host is completely discouraged. A virtual system to develop is the recommended option as virt-chapter-ref explains deeply.

Bug management policy¶

Each open source software project has its own bug management policy.

Ubuntu may have more than one version considered as stable and maintained at the same time. That is, maintained means that when a new bug is found, a new public update is released to fix it. Updates will be covered in depth below. These stable versions are supported for a length of time which depends on the kind of the release.

eBox has a single stable version. Some modifications are added to this version to fix several detected bugs. This happens until a new release is published, which already has all these fixes.

The project management tool Trac [4] is used by the eBox development team to manage bugs and their own tasks. It lets users open tickets to report problems and it is opened to all users. Once the ticket is created by a user, its state can be tracked by the user through the web or e-mail. You may reach the eBox Platorm Trac at http://trac.ebox-platform.com.

Ubuntu, however, uses Launchpad [5], a tool developed and supported by Canonical to manage their bugs:

It is highly recommended to report a bug when you are fairly sure that your problem is easily reproduced. You should provide detailed instructions to reproduce it. In addition, you should make sure that your problem is really a bug and not just an expected result from the program under determined circumstances. Finally, it would be even better to provide a solution for your problem. This could be done by modifying the application itself through a patch or by following some steps to avoid the problem temporarily (workaround).

deb http://security.ubuntu.com/ubuntu/ hardy-security universe main multiverse restricted

Exercises¶

allow-recursion { none; };

dig @localhost www.google.es
   ; <<>> DiG 9.4.2 <<>> @localhost www.google.es
   ; (1 server found)
   ;; global options:  printcmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 18671
   ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
   ;; WARNING: recursion requested but not available

   ;; QUESTION SECTION:
   ;www.google.es.                 IN      A

   ;; Query time: 10 msec
   ;; SERVER: 127.0.0.1#53(127.0.0.1)
   ;; WHEN: Wed Mar 25 21:15:54 2009
   ;; MSG SIZE  rcvd: 31

#!/bin/bash

date >> /tmp/restart-eBox.log