[Mageia-sysadm] [forums-discuss] Re: updating sysadmin privileges in forum config

Michael Scherer misc at zarb.org
Mon Mar 26 22:49:32 CEST 2012 

Le dimanche 25 mars 2012 à 08:24 +0200, Wolfgang Bornath a écrit :
> 2012/3/24 Michael Scherer <misc at zarb.org>:
> > Le samedi 24 mars 2012 à 12:48 +0100, Wolfgang Bornath a écrit :
> >
> >> But I doubt
> >> there would be benefits by having a package for the forum software.
> >> Quite to the contrary, a simple change of a character in one of the
> >> php files would cause the need of an update of the whole package,
> >> while as is you just need to exchange this one php file. If there
> >> would be a benefit I guess there would have been phpBB packages for
> >> years, phpBB being the most popular forum software, not only in the
> >> Linux world. Ok, a weak point, I admit.
> >
> > The point is indeed weak.
> >
> > For the start, having a package would ease the testing, since right now,
> > people just have no clue on how to replicate our setup. There is the
> > puppet manifests, but I take for granted that the intersection of those
> > that know how to use them and those interested into testing phpbb is
> > near 0.
> 
> Right. Why? Because even those who have experience in phpBB forum
> maintenance and php are not familiar of the setup used at Mageia.

Writing script to ease the setup of the copy of the system have been on
my todo list since a long time. I started to write documents on the
wiki, I did some conference to have some buzz, I did refactor the whole
repository to make it easier to read and to understand.

The setup used at mageia is nothing special or magic, there is :
- 1 postgresql database
- 1 git checkout 
- 1 apache config file that basically block some directory for security
reasons

I have yet to see a request for more information, that I would have
provided. But maybe people think we are too busy or too important to be
disturbed, or that they would not be able to change anything ( despites
me saying several time "send patch" ). There isn't much secret in the
setup, this is published since the beginning.

For example :
http://svnweb.mageia.org/adm/puppet/modules/phpbb/templates/config.php?revision=1625&view=markup
that's config.php. Anyone knowing php ( or asp, or jsp ) would
intuitively understand the format ( ie, database is a variable given
somewhere else )

The git checkout url is in another file, to get it :

git clone git://git.mageia.org/forum/ foo

and we just remove "phpBB/install" after checkout.

I agree this is not obvious, but I think we have a fairly standard
setup, and since no one ever ask a question, we can hardly see what is
difficult to understand.

> > Second part of having a package is that it would benefit to others if in
> > the distribution. It would also ease the management of version by the QA
> > ( cause if stuff is really important, you want to have it checked before
> > it goes live ).
> >
> > Another idea is to detect when there is change in the php files, by
> > using the rpm -V feature. That's quite handy when there is a problem
> > ( again speaking of experience ).
> >
> > And having a rpm in the distribution also mean that we can benefit from
> > the whole framework on making sure this is up to date, making sure that
> > basic quality is respected, etc. Something that is far from being the
> > case with a random zip taken from the web, especially from php software.
> > And I do not even talk of more complex security system like tomoyo or
> > selinux.
> 
> Well, the phpBB community is very large, involving people on all
> levels of knowledge related to web applications and system
> administration. Regarding the software being released from them as not
> up to date and far from basic quality seems to me a bit ...
> "exaggerating".

When I mean "being up to date", i mean using the same tool we use for
others packages to know there is a update, etc.
IE, having the package up to date. The same goes for "quality". Web
developpers tend to focus on the use case of "I have a shared space and
I cannot change nything to it", which is not our case. We can change
apache config, we can put some stuff outside of the web root, etc.

Software distribution is something that we already do, so solving the
same problem in a different way a second time is IMHO not a good idea.

> >>  - How would you implement requested features which are not available
> >> in the forum software other than by "MODs" (which is the same as a
> >> patch?
> >
> > Usually, with well designed software, that work with plugins. Of course,
> > with some stuff, that goes by "let's duplicate the source code and deal
> > with merging source code update". There is ton of example of why this is
> > wrong ( search "technical debt" on a search engine for lots of articles
> > on the topic ), hence the need to use a software properly designed, and
> > to stay in a well designed process.
> 
> Ok, so your point is that phpBB is not the software you want to use.
> This is a point I understand and would accept, you explained the
> points very well. But I don't know if there is a software with same
> functionality which would qualify and if there is it would mean a lot
> of work to switch.

That's not phpbb per se than the idea of how we should modify it.

Basically, in a world where we have near infinite ressources, we would
be able to take phpbb, and do any customisation. The same could be done
for all softwares. 

For exemple, that's what Google or Yahoo do ( more the first than the
2nd ). Google do have a custom http server, likely a custom kernel,
custom jvm, custom software and framework, even custom languages, custom
hardware, custom routers. They also have around 24 000 people working
for them, and a pile of money. 

But we are on the other side of the spectrum and we may not have the
sustainable ressources for custom stuff ( and I should really make the
word sustainable bold ). We did took this road for some of our component
( identity, for exemple ) and we do not have the man power to make
software evolve.

In the long run, the best would be to have such ressources, of course.

But that's a difficult problem to solve, and in the mean term, we should
have a solution, and I think therefor sticking to stock software is the
best compromise. I am aware that some mod would make stuff better ( for
example, to have a decent url, helping for visibility, etc ) and i am
sure that they are all enhancing the forum ( I mean, no one will do a
mod to make it worst ), but they are not free in term of ressources to
integrate.

So that's a tradeoff. It is better, but then you have to do some work
for each upgrade, etc. 


> > And frankly, the whole idea of mod is a sign that phpbb is not suitable
> > out of the box, as I said in the past. So while maybe the others are not
> > either, that's still a signal that something is wrong.
> 
> Ok, what can be done about that?

Now we decided to use phpbb, I guess we will stick to it. A migration
would take too much time, and despites having a setup that can be
improved ( to my eyes ), it seems to do the job.

But I think that we should keep in mind to prefer a software that do
what we want directly than one we can fix later ( or at least, depend
how we can fix ). That sound simple once said, but unfortunately, that's
hard to resist to the call of code for coders, so I will not blame
anyone on that.

> > From my point of view, everybody can open a bug report or send patches.
> > No one did, and you can say as much as you want "this is not my fault",
> > that will not change anything nor retroactively make bug reports appear.
> >
> > I would add that if people have a pretension to become admin or
> > anything, they should at least attempt to act as such. Ie, sending
> > patchs, etc.
> 
> I haven't met anybody in the international forum with a pretention to
> become admin in the way you see it.

I didn't read the forum, so maybe I misunderstood ( likely, in fact ),
so sorry if I was too harsh.

But the point is still valid,  if people wish to help or think they can
do a better job than us ( and I think we are not perfect, I do not deny
), we can arrange something. 

> > No, the discussion started because no one did the job. We are not
> > Mandriva, there is not "someone is in charge so I do nothing" bullshit
> > state of mind with the company and the rest of the world separation. The
> > system is open enough that someone skilled enough and motivated enough
> > can do most of the job, except the last step.
> >
> > If people were really concerned on contributing instead of speaking how
> > they would want to do something or how others didn't do what they
> > wanted, they would have done something.
> 
> Yes, all correct in general and it would surely have happened like
> this in the Mageia forum as well. But:
> If there is an admin in place (even somebody who claims that there are
> enough admins), if this admin keeps responding to questions in the
> forum about a missing update and other requests by explaining how it
> will be done and what is needed and that it will be done as soon as
> possible - why should anyone of the users should write a bug report?

Part of the problem is first what do people mean by "admin".

To me, this mean "system admin", and even if I tried to use sysadmin for
that meaning, I am sure that I have slipped more than once.
And while it may not have been obvious, I only speak of the sysadmin
side of the thing. 

To me, it seems obvious we need to have 1 and 1 single way to report
issue. Bugzilla is not perfect, but if we use 1 single system instead of
more, this permit to have 1 system to maintain, to not need to ask to
user to decide where to report problem, and people will have 1 system to
learn. ( and that's ITIL compliant, but that's a private joke with
myself ).

Now, I understand and should keep in mind that by admin, people also see
forum admin, and I will likely not comment on this part. Not that I do
not have a perfect(tm) solution for the problem :)

So maybe the first step would be to document exactly what is the current
state of affairs, who do what, who is in what group so we can at least
make sure we use the same word, see the same things. I have part of this
information in mind, but thanks to my training when I worked for CIA,
people cannot read it.

>From what I remember :

- there is mga-sysadmin group, 10 person, who ( for the forum ) :
 - access the server, databases and can commit to puppet or modify
directly the db, and grant access to git

they also have lots of access, and the long term goal is to delegate as
much as possible. As i say, my goal is to be able to replace myself by a
script. So this is not practical to give access to this group without
any check of skills or anything. 

- there is the mga-forum_developer group, of 3 person ( now 2 ), who :
 - have write access to the code of phpbb hosted in our git ( see url
before )
 - should have enough access to upgrade the forum ( but do not know )

the deployment is planned to be automatised, but that's not done ( my
point was that sysadmin will do it by hand until sufficiently annoyed,
and until the know how to automate it, until then we have to do the
upgrade by hand to see what need to be coded, or wait for a patch for
that ). I cannot speak for the others, but I do not plan to blindly code
without doing a few test runs so without request to upgrade forum.

on the side of forum management, well, I do not know. That's the part
where someone step in and complete my mail.

-- 
Michael Scherer

More information about the Mageia-sysadm mailing list