On Wed, Oct 22, 2003 at 11:07:17AM -0400, Gene Heskett wrote:
> On Wednesday 22 October 2003 08:56, Matt Hyclak wrote:
> > The problem with packaging binary files for
> > amanda is that you have to resort to using localhost where a
> > hostname is required so the thing will at least mostly work.
>
> We also spend about 25% of our support efforts here on this list 
> trying to convince gnubies that they cannot run it reliably using 
> localhost.  Most probably have acquired the localhost habit from an 
> rpm install.

This conflict results from a shortcoming in Amanda, namely that
many values that are only needed at run time, must still be
specified at configure time.  ISTM that configure-time options
should mostly be:
  - Those needed to get the package built and installed (e.g.
    --with-includes, --with-suffixes).

  - Parameters specific to a particular host environment (e.g.
    --with-rundump, --with-broken-fsf).  Each of these will have
    one optimal value for any given platform, and if someone is
    creating a binary distribution, Gentoo ebuild, etc., it's
    clearly their job to pick the right one.

  - Anything else that's intrinsically needed at compile time
    (e.g. --with-assertions)
  
Anything else should be left to a run-time config file, and that
goes double for values related to site policy.

Unfortunately, doing so will mean introducting a config file onto
Amanda client hosts.  I understand that this was purposely
avoided; I believe that decision should be reconsidered.  As I
understand it, the purpose of avoiding client-side config files
was to concentrate all configuration on the server, so that if
one wants to tweak something, one need not run around to all the
machines to change it on each one.  That's fine for parameters
which one can indeed change on the server.  But that's not the
case for every parameter in Amanda.  What's the situation with
the others?

Contrary to the design goal, parameters such as --with-debug-days
must still be changed on each client -- but the only way to do
that is to rebuild and reinstall Amanda.  Not exactly a savings
in convenience over editing a client-side config file.  For
parameters like --with-tape-server, one can override the
configure-time default (by passing a command-line option to
amrecover); but the only way to permanently change the default,
again, is to rebuild and reinstall.

Thus, I believe that introducing a client-side config file --
just one, *not* one per Amanda configuration -- will not only
help solve the current problem, but will make sysadmins' lives
easier in other respects as well.


My proposal is this:
  - Add a global configuration file, directly under the
    --with-configdir directory.  One possible name might be
    global.conf, but that's definitely up for discussion.  So the
    structure would look like:
        <confdir>/global.conf
        <confdir>/<config1>/amanda.conf
        <confdir>/<config1>/disklist
    where <confdir> comes from "configure --with-configdir=<confdir>"

  - global.conf should exist on both server and clients (if the
    server is also a client, both roles share the same copy of
    the file)

  - When looking for a config parameter, use the first of these
    that's found:
      - if you have a <confdir>/<config>/amanda.conf (i.e. you're
        in the in the Amanda-server role, and you know which
        configuration you're working with), the value in that
        file

      - the value in <confdir>/global.conf

      - the compiled in default, if any (see below)

      - If none of those are available, abort

  - For config parameters that are searchable in this way, it
    should NOT be required to specify them at configure time.  If
    you don't, the compiled in default will be "undefined", in
    which case you WILL be required to specify the value in a
    run-time config file (either global.conf or the appropriate
    amanda.conf).

  - ISSUE: What if <confdir>/global.conf doesn't exist?  I'd like
    to say, just ignore the fact (maybe report it as an
    "info"-level log message), and skip to the next step on the
    search for a value.


FWIW, here's my stab at classifying Amanda 2.4.4's many configure
options.

These are properly configure-time options:
  --with-includes=DIR    site header files for readline, etc in DIR
  --with-libraries=DIR   site library directories for readline, etc in DIR
  --with-suffixes        install binaries with version string appended to name
  --without-client       do not build client stuff
  --without-server       do not build server stuff (set --without-restore)
  --without-restore      do not build amrestore nor amidxtaped
  --without-amrecover    do not build amrecover
  --with-rundump         use rundump (setuid-root) to invoke dump
  --with-broken-fsf      only enable if tape fsf calls fail mid-file
  --with-db={text,db,dbm,gdbm,ndbm} use the selected database format text
  --with-mmap            force use of mmap instead of shared memory support
  --with-assertions      compile assertions into code
  --with-gnu-ld           assume the C compiler uses GNU ld default=no
  --with-pic              try to use only PIC/non-PIC objects default=use both
  --with-krb4-security=DIR   Location of Kerberos software /usr/kerberos 
/usr/cygnus /usr /opt/kerberos
  --without-debugging=/debug/dir do not record runtime debugging information in 
specified directory --with-tmpdir

These should be configurable at run time.  Actually, both for
backward compatibility and to make initial installation easier,
it probably makes sense to keep the current configure-time
options, but it should be possible to override their values in a
run-time config file.  This would be similar the way Apache
configuration works.

  --with-index-server=HOST default amanda index server `uname -n`
  --with-config=CONFIG   default configuration DailySet1
  --with-tape-server=HOST default restoring tape server is HOST same as 
--with-index-server
  --with-tape-device=ARG restoring tape server HOST's no rewinding tape drive
  --with-ftape-rawdevice=ARG raw device on tape server HOST's if using Linux 
ftape >=3.04d
  --with-changer-device=ARG default tape changer device /dev/ch0 if it exists
  --with-gnutar-listdir=DIR  gnutar directory lists go in DIR 
localstatedir/amanda/gnutar-lists
  --with-maxtapeblocksize=kb            Maximum size of a tape block
  --with-debug-days=NN    number of days to keep debugging files default=4
  --with-dump-honor-nodump  if dump supports -h, use it for level0s too
  --with-tmpdir=/temp/dir area Amanda can use for temp files /tmp/amanda
  --with-testing=suffix use alternate service names

For these, providing both configure-time and run-time
configuration is especially useful, since configure "looks for
one" by default.

  --with-gnutar=PROG      use PROG as GNU tar executable default: looks for one
  --with-smbclient=PROG   use PROG as Samba's smbclient executable default: 
looks for one

This must be settable at configure time.  For obvious
bootstrapping reasons, it can't be overridden by a value in the
run-time config file; but, as with Apache, it should be
overridable on the command line.

  --with-configdir=DIR   runtime config files in DIR sysconfdir/amanda

These ones I'm not sure about.  My arguments above point to
making them run-time configurable, but there may be
security-related arguments against this.  (I've put the
Kerberos-related ones in this class simply because I don't
understand them...)

  --without-amandahosts  use .rhosts instead of .amandahosts
  --without-bsd-security do not use BSD rsh/rlogin style security
  --with-portrange=low,high     bind unreserved TCP server sockets to ports 
within this range unlimited
  --with-tcpportrange=low,high  bind unreserved TCP server sockets to ports 
within this range unlimited
  --with-udpportrange=low,high  bind reserved UDP server sockets to ports 
within this range unlimited
  --with-user=USER       force execution to USER on client systems required
  --without-force-uid    do not force the uid to --with-user
  Kerberos options:
    --with-server-principal=ARG    server host principal  "amanda"
    --with-server-instance=ARG     server host instance   "amanda"
    --with-server-keyfile=ARG      server host key file   "/.amanda"
    --with-client-principal=ARG    client host principal  "rcmd"
    --with-client-instance=ARG     client host instance   HOSTNAME_INSTANCE
    --with-client-keyfile=ARG      client host key file   KEYFILE
    --with-ticket-lifetime=ARG     ticket lifetime        128

Special cases:
  --with-owner=USER       force ownership of files to USER default == 
--with-user value
      This is overloaded to mean both "set files to owner USER"
      and "run executables as user USER".  It should be split
      into two; I DO NOT want Amanda running as the owner of its
      files -- least privilege and all that.  Assuming it's split
      into --with-file-owner=USER to set file ownership, and
      --with-run-user=USER to specify who gets to run amdump, the
      former obviously has to be a configure-time option, and the
      latter goes into the "not sure because of security" list.

  --with-group=GROUP     group allowed to execute setuid-root programs required
      As for --with-owner

Not sure about these; I don't understand the issues well enough
to have an opinion:
  --with-fqdn            use FQDN's to backup multiple networks
  --with-buffered-dump   buffer the dumping sockets on the server for speed

These are splendid examples of what I'm advocating :-)
  --with-indexdir        deprecated, use indexdir in amanda.conf
  --with-dbdir           deprecated, use infofile in amanda.conf
  --with-logdir          deprecated, use logfile in amanda.conf


--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
|  |  /
When I came back around from the dark side, there in front of me would
be the landing area where the crew was, and the Earth, all in the view
of my window. I couldn't help but think that there in front of me was
all of humanity, except me.
        - Michael Collins, Apollo 11 Command Module Pilot