This site is deprecated; docs have moved to docs.inspircd.org!

Difference between revisions of "Historical:Development/RemoteIncludes"

From the makers of InspIRCd.
Jump to: navigation, search
m (Add a tiny scrap of info to stub from roadmap)
(Fleshed this out a little bit, feel free to add more)
Line 1: Line 1:
 
= Remote Includes =
 
= Remote Includes =
Will probably be done via a module (probably utilising m_httpd/m_http_client)
+
 
 +
== Introduction ==
 +
The goal is to be able to securely fetch configuration files on demand from a central server. This makes management and central control of servers on a network MUCH easier.
 +
 
 +
== Design ==
 +
The running theory is to use a combination of m_httpd (on a hub / the server which will serve configuration files) and m_http_client (on all other servers) - which has the benefit of not requiring a securely configured 3rd party server. These can also be extended to support SSL and some form of authenticity check (SSL certificate fingerprints?). Each server would then send a request with m_http_client to get it's files, before loading the configuration (during rehash, etc).
 +
 
 +
== Problems ==
 +
The major issue with this idea is a 'chicken-egg' situation on startup; the configuration needs to be fetched, but can't be fetched until some things are configured and initialized. Notably, the socket engine must be fully operational (outgoing connect) and configured (IP binding), SSL must be loaded and configured (if used), m_http_client must be loaded, and whatever module is required for remote includes must be loaded and configured. There are LOTS of values required for the IRCd to run that aren't reasonable to require in the local configuration.
 +
 
 +
=== Solution #1: Revise configuration loading ===
 +
One solution would be to somehow revise configuration so that the ircd can be partially started (enough for the conditions listed above), without requiring the majority of it's configuration. This would, however, be fairly complicated to do, and rather annoying.
 +
 
 +
=== Solution #2: ...? ===
 +
Feel free to suggest. :P

Revision as of 23:08, 25 August 2007

Remote Includes

Introduction

The goal is to be able to securely fetch configuration files on demand from a central server. This makes management and central control of servers on a network MUCH easier.

Design

The running theory is to use a combination of m_httpd (on a hub / the server which will serve configuration files) and m_http_client (on all other servers) - which has the benefit of not requiring a securely configured 3rd party server. These can also be extended to support SSL and some form of authenticity check (SSL certificate fingerprints?). Each server would then send a request with m_http_client to get it's files, before loading the configuration (during rehash, etc).

Problems

The major issue with this idea is a 'chicken-egg' situation on startup; the configuration needs to be fetched, but can't be fetched until some things are configured and initialized. Notably, the socket engine must be fully operational (outgoing connect) and configured (IP binding), SSL must be loaded and configured (if used), m_http_client must be loaded, and whatever module is required for remote includes must be loaded and configured. There are LOTS of values required for the IRCd to run that aren't reasonable to require in the local configuration.

Solution #1: Revise configuration loading

One solution would be to somehow revise configuration so that the ircd can be partially started (enough for the conditions listed above), without requiring the majority of it's configuration. This would, however, be fairly complicated to do, and rather annoying.

Solution #2: ...?

Feel free to suggest. :P