8:48 p.m.
Hi Maciej,
On 17-05-19 09:10, Maciej Delmanowski wrote:
If the role is for something included in Debian, you should create
PRs against
the https://github.com/debops/debops/ repository, so that we can keep
everything in one place. Commercial software could go into the
https://github.com/debops/debops-contrib/ repository, which has similar layout
to the main DebOps monorepo. In the future the debops-contrib repository will
probably be downloadable and installable using some kind of debops script
subcommand.
Ah, I figured that debops-contrib was for roles that were not yet
included in DebOps but might be in the future (like
debops-contrib.dropbear_initramfs). I'll make the PRs directly to
debops/debops then.
> - amsw.dnsui: provides complete functionality for integrating
Opera's
> DNS-UI, an LDAP-authenticated web frontend for PowerDNS authoritative
> server. The role uses the nginx PAM module for LDAP authentication.
> Requires PowerDNS 4.1+ for DNSSEC functionality. Depends on
> debops.secret, debops.users, debops.postgresql, debops.php, debops.nginx
> and debops.cron.
For this you probably have to build the nginx .deb package from source to
include the LDAP support, correct? Now that nginx modules are in separate
packages in Debian, I wonder when LDAP support will be available in the
distribution itself. I'm not sure why it's not there yet, licensing? Lack of
manpower or interest?
Nope :)
Nginx in Debian 9 has the PAM module compiled in. Otherwise I probably
wouldn't have been able to write this role this quick, I'm pretty lazy
when it comes to software. I just take whatever is in Debian stable,
with the occasional backports package or Docker image.
I use the debops.auth and debops.nsswitch roles to configure PAM for
authentication against my debops.slapd managed OpenLDAP server. All
DebOps v0.8.1. I'll see if I can somehow integrate this configuration
with the dnsui role as well.
As for using the debops.users and debops.cron roles from your own
role, can
you tell me the reasons behind it? The roles mainly exist so that users can
create UNIX groups/accounts on the hosts and manage cron jobs via the Ansible
inventory, without the need to write their own playbooks. Ansible has modules
for managing users, groups and cron jobs, which you could use in your role
directly, without the additional overhead of using debops.users and
debops.cron.
No particular reason, guess I just wanted to use more DebOps roles.
Might not be the best idea in this case, so I'll rewrite the role a bit
to remove these dependencies.
Very interesting set of roles, looking forward for the PRs. :-) If
you want,
you could fork the debops/debops repository on GitHub and create a branch for
each role right away, perhaps some other DebOps users could help you clean
those up, test the functionality and prepare the documentation.
I'm glad you're interested! My employer has allowed me some time to
improve the roles next week, so you can review the PRs soon :)
> Any suggestions (on where I should start, for example) are most
welcome!
I would start with creating PRs for existing roles to merge in your changes,
then your own roles that depend on them should be easier to merge as well.
Great, I'll start there then!
Have a great weekend.
Imre