All of you probably know YaST, the installation and system configuration tool for openSUSE.
With current YaST, plenty of tasks that system administrator could image are doable using understandable UI: creating users, bootloader configuration, network setup and even Apache configuration. However, it has its drabacks. While being do-it-all tool, it comes with large package dependency even for only simple tasks. It is largely written in an outdated language which has its roots in last century and only few people in the world know it. It lacks the testing abilities of modern languages. It is SUSE specific and lacks larger developer community.
So last year, we (actually, Josef) came with the idea for YaST++: new configuration library that could be a common layer for configuration tools in SUSE (and beyond). Such library should provide simple and understandable API for all tools around. Written in up-to-date language many people know and like, so they can join the development (spoiler: we chose Ruby). Offering bindings to various other languages, so different tools could benefit from it,
Now, this “YaST++” does not actually mean to be replacement of current YaST (with its Qt/GTK/ncurses UI), but it could replace the lower layer of YaST, which is doing the real system configuration. And it would be open for other library users as well: the obvious targets for now are WebYaST and SUSE Studio, but we’d like to see if other tools are interested: even from non-SUSE world.
From architecture point, YaST++ is itself divided into two layers, we call them YLib and config agents. YLib is the high-level library, providing the API (like ‘create user’, ‘set new time zone’ etc.). Config agents form the lower layer, that is actually touching the system. This low level consits of D-BUS services, which are running as a root (thus have the full access to the system) but are started only for users with proper permissions (we are using polkit for policies definition). So YaST++ offers role based access management, where specific users can be allowed to do specific sets of actions. For more, check our architecture document (still WIP).
We’ve started to work on several modules (none of them is finished, though). Let’s look at example in module for users configuration (packages yast++lib-users and config_agent-passwd). Look at example code in ‘users_read’ script of examples subdirectory. With simple ruby call of
YLib::Users::read({})
you get the list of current users. If the script gets additional parameters, it can list e.g. all data about selected user, or only specific information about all:
> ./users_read root
{“gid”=>”0”, “name”=>”root”, “uid”=>”0”, “shell”=>”/bin/bash”, “password”=>”x”, “home”=>”/root”}> ./users_read only name
{“result”=>[“Batch jobs daemon”, “User for Avahi”, “bin”, “Daemon”, “dnsmasq”, “FTP account”, “Games account”, “User for haldaemon”, “User for OpenLDAP”, “LightDM daemon”, “Printing daemon”, “Mailer daemon”, “Manual pages viewer”, “User for D-Bus”, “MySQL database admin”, “News system”, “user for nginx”, “nobody”, “NTP daemon”, “User for build service backend”, “openslp daemon”, “PolicyKit”, “Postfix Daemon”, “PulseAudio daemon”, “qemu user”, “Router ADVertisement Daemon for”, “root”, “RealtimeKit”, “Smart Card Reader”, “user for smolt”, “SSH daemon”, “NFS statd daemon”, “Novell Customer Center User”, “TFTP account”, “usbmuxd daemon”, “Unix-to-Unix CoPy system”, “WWW daemon apache”, “User for YaST-Webservice”, “LXDE Display Manager daemon”]}
YaST++ developement is in its early stage (even the name is not final), but we already have something to offer.
Check the code and documentation at github project. There’s already a simple tutorial for those who want to try writing new parts.
Download packages from Build Service project.
Comment/propose/oppose in public YaST mailing list.
Both comments and pings are currently closed.
ruby? really? 🙁
looking forward for python bindings
I assume python bindings should not be problem to create, probably with SWIG
Taking a glimpse at the “passwd” agent this seems to be just old wine in new skins. Instead of developing a real library for managing users you call the useradd command. The polkit authentication is at the wrong abstraction layer. It doesn’t make sense to have a privileges to authenticate calling external commands, the privilege should be about managing users and hide the actual implementation details.
Calling useradd is an example of way to go. We might use direct modifications of /etc/passwd instgead, just like in current YaST.
About the polkit layer: yes, it is very low-level, it’s basically the same concept as used in webYaST. For usability, it is possible to create set of high-level rules, grouping those fine grained ones.
Hi,
so what you expect from such library? We don’t want to reinvent wheel, but if there is something on high level for easier managing users it would be nice if you let us known what it should be.
For polkit authentification we need it on low-level, because we got usually complains that permission is too abstract and don’t have what is really allowed. So polkit permission is low level, but we plan to create roles management ( we actually already have it in webyast, so just move it down to yast++ library ). Then administrator can easy allow user management, but if they are interested, they can see what user can modify and also change role to fit what they want. We already have discussion where we should place level of permissions and decision is that we need both layer, so low level is real permissions and high level is roles, that contain set of permissions.
> It is largely written in an outdated language which
> has its roots in last century and only few people
> in the world know it.
For the rest of us: Could you tell us what strange
language you are talking about?
(YaST itself seems to be written in C++, which
obviously does not match your “only few people
in the world know it” criterion. But maybe some
of the modules used by YaST may be written in
obscure other languages.)
YaST (as a core) itsef is written in C++, yes, but the modules are written in YCP, which is the language I was mentioning. Look for example at http://en.opensuse.org/openSUSE:YaST_quick_tutorial
Thanks.
Just a little side note, you know about augeas – utility for managing configuration files, right? While speaking about not reinventing the wheel…
Yes, we actually plan to use augeas (its ruby bindings) in the lower layer.
Dude, you really need to take some english lessons. It doesn’t matter how good the code you write is, as long as your blog entries are riddled with grammar mistakes, you’ll make an ass-clown of yourself.
Matthias: If you are frustrated please go out and use other platforms where the a… words are used.
Jiri: Well done job, and thanks for the post. I have enjoyed very much !