diff --git a/README.md b/README.md index 6fd9ba799c..91f13228f0 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -**Checks** +# Agama: A Service-based Linux Installer [![CI - Rust](https://github.com/openSUSE/agama/actions/workflows/ci-rust.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-rust.yml) [![CI - Service](https://github.com/openSUSE/agama/actions/workflows/ci-service.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-service.yml) @@ -7,41 +7,8 @@ [![CI - Documentation Check](https://github.com/openSUSE/agama/actions/workflows/ci-doc-check.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-doc-check.yml) [![CI - Integration Tests](https://github.com/openSUSE/agama/actions/workflows/ci-integration-tests.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-integration-tests.yml) [![Coverage Status](https://coveralls.io/repos/github/openSUSE/agama/badge.svg?branch=master)](https://coveralls.io/github/openSUSE/agama?branch=master) -[![GitHub Pages](https://github.com/openSUSE/agama/actions/workflows/github-pages.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/github-pages.yml) - -**Translations** - -[![Weblate Update POT](https://github.com/openSUSE/agama/actions/workflows/weblate-update-pot.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/weblate-update-pot.yml) -[![Weblate Merge PO](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-po.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-po.yml) -[![Weblate Merge Product PO](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-products-po.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-products-po.yml) [![Translation Status](https://l10n.opensuse.org/widgets/agama/-/agama-web/svg-badge.svg)](https://l10n.opensuse.org/engage/agama/) -**[OBS systemsmanagement:Agama:Staging](https://build.opensuse.org/project/show/systemsmanagement:Agama:Staging)** - -[![Submit agama](https://github.com/openSUSE/agama/actions/workflows/obs-staging-rust.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-rust.yml) -[![Submit cockpit-agama](https://github.com/openSUSE/agama/actions/workflows/obs-staging-web.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-web.yml) -[![Submit rubygem-agama-yast](https://github.com/openSUSE/agama/actions/workflows/obs-staging-service.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-service.yml) -[![Submit cockpit-agama-playwright](https://github.com/openSUSE/agama/actions/workflows/obs-staging-playwright.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-playwright.yml) - -[![OBS Staging/agama](https://img.shields.io/obs/systemsmanagement:Agama:Staging/agama/openSUSE_Tumbleweed/x86_64?label=Package%20agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/agama) -[![OBS Staging/cockpit-agama](https://img.shields.io/obs/systemsmanagement:Agama:Staging/cockpit-agama/openSUSE_Tumbleweed/x86_64?label=Package%20cockpit-agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/cockpit-agama) -[![OBS Staging/rubygem-agama-yast](https://img.shields.io/obs/systemsmanagement:Agama:Staging/rubygem-agama-yast/openSUSE_Tumbleweed/x86_64?label=Package%20rubygem-agama-yast)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/rubygem-agama-yast) -[![OBS Staging/agama-products-opensuse](https://img.shields.io/obs/systemsmanagement%3AAgama%3AStaging/agama-products-opensuse/openSUSE_Tumbleweed/x86_64?label=Package%20agama-products-opensuse)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/agama-products-opensuse) -[![OBS Staging/cockpit-agama-playwright](https://img.shields.io/obs/systemsmanagement:Agama:Staging/cockpit-agama-playwright/openSUSE_Tumbleweed/x86_64?label=Package%20cockpit-agama-playwright)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/cockpit-agama-playwright) -[![OBS Staging/agama-live](https://img.shields.io/obs/systemsmanagement:Agama:Staging/agama-live:openSUSE/images/x86_64?label=Live%20ISO)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/agama-live) - -**[OBS systemsmanagement:Agama:Devel](https://build.opensuse.org/project/show/systemsmanagement:Agama:Devel)** - -![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/openSUSE/agama?label=Version&sort=semver) -[![Release](https://github.com/openSUSE/agama/actions/workflows/obs-release.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-release.yml) - -[![OBS Devel/agama](https://img.shields.io/obs/systemsmanagement:Agama:Devel/agama/openSUSE_Tumbleweed/x86_64?label=Package%20agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/agama) -[![OBS Devel/cockpit-agama](https://img.shields.io/obs/systemsmanagement:Agama:Devel/cockpit-agama/openSUSE_Tumbleweed/x86_64?label=Package%20cockpit-agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/cockpit-agama) -[![OBS Devel/rubygem-agama-yast](https://img.shields.io/obs/systemsmanagement:Agama:Devel/rubygem-agama-yast/openSUSE_Tumbleweed/x86_64?label=Package%20rubygem-agama-yast)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/rubygem-agama-yast) -[![OBS Devel/agama-live](https://img.shields.io/obs/systemsmanagement:Agama:Devel/agama-live:openSUSE/images/x86_64?label=Live%20ISO)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/agama-live) - -# Agama: A Service-based Linux Installer - Agama is a new Linux installer born in the core of the YaST team. It is designed to offer re-usability, integration with third party tools and the possibility of building advanced user interfaces over it. ||| @@ -67,17 +34,6 @@ Agama is a new Linux installer born in the core of the YaST team. It is designed -## Table of Content - -* [Why a New Installer](#why-a-new-installer) -* [Architecture](#architecture) -* [How to Run](#how-to-run) - * [Live ISO Image](#live-iso-image) - * [Avahi/mDNS](#avahimdns) - * [Manual Configuration](#manual-configuration) -* [How to Contribute](#how-to-contribute) -* [Development Notes](#development-notes) - ## Why a New Installer This new project follows two main motivations: to overcome some of the limitations of YaST and to serve as installer for new projects like SUSE ALP (Adaptable Linux Platform). @@ -89,173 +45,44 @@ YaST is a mature installer and control center for SUSE and openSUSE operating sy * Sharing logic with other tools like Salt or Ansible is very difficult. * Some in-house solutions like libyui makes more difficult to contribute to the project. -SUSE is working on its next generation operating system called ALP (Adaptable Linux Platform). ALP is designed to be a lean core system, moving most of the software and workloads to containers and virtual machines. For some cases, for example cloud and virtual machines, ALP based systems will be deployed with auto-installable images. But still there are quite some situations in which ALP must be installed in a more traditional way. A clear example consists on installing over bare metal where some system analysis is required beforehand. Agama is also intended to cover such use cases for ALP, offering a minimal but powerful installer able to support a wide range of scenarios (e.g., RAID, encryption, LVM, network storage, etc). - -## Architecture - -This project is designed as a service-client system, using a dedicated D-Bus server for process -communication. - -![Architecture](./doc/images/architecture.png) - -Agama consists on a set of D-Bus services, a web client and a command-line interface. The services use YaST-based libraries under the hood, reusing a lot logic already provided by YaST. Currently Agama comes with six separate services, although the list can increase in the future: - -* Agama service: it is the main service which manages and controls the installation process. -* Software service: configures the product and software to install. -* Users service: manages first user creation and configuration for root. -* Localization service: allows to configure the language and keyboard settings. -* Storage service: analyzes and prepares the storage devices in order to perform the installation. -* Questions service: helper service used for requesting information from clients. - -Agama offers a web interface and its UI process uses the [Cockpit's infrastructure](https://cockpit-project.org/) to communicate with the D-Bus services. - -## How to run - -There are two ways of running this project: a) by using a Agama live ISO image or b) by cloning and configuring the project. - -### Live ISO Image +## Running Agama The easiest way to give Agama a try is to grab a live ISO image and boot it in a virtual machine. This is also the recommended way if you only want to play and see it in action. If you want to have a closer look, then clone and configure the project as explained in the next section. -There are two flavors of live ISO images: - -* openSUSE: it can be used to install different *openSUSE* distributions, like *Tumbleweed* or *Leap*. -* ALP: it allows to install the development version of *SUSE ALP Dolomite*. - -You can download them from the [openSUSE Build +You can download the ISO from the [openSUSE Build Service](https://download.opensuse.org/repositories/systemsmanagement:/Agama:/Devel/images/iso/). -* Make sure to download the correct ISO file according to your system architecture (eg. - you would need to choose a file including `x86_64` if you use an Intel or AMD 64-bit processor) - and according to the system you want to install (openSUSE vs ALP). - -#### Avahi/mDNS - -The Live ISO is configured to use mDNS (sometimes called Avahi, Zeroconf, -Bonjour) for hostname resolution. The reason is that it might be quite difficult -to find out which URL should be used for connecting to a running Agama -installer. - -##### :warning: Security Note :warning: -*Do not use the `.local` hostnames in untrusted networks (like public WiFi -networks, shared networks), it is a security risk. An attacker can easily send -malicious responses for the `.local` hostname resolutions and point you to a -wrong Agama instance which could for example steal your root password!* +> [!NOTE] +> Make sure to download the correct ISO file according to your system architecture (eg. you would +> need to choose a file including `x86_64` if you use an Intel or AMD 64-bit processor). -##### Firewall Configuration +## Remote access -If you cannot connect to a server using the `.local` domain then maybe the -firewall is blocking the traffic. Then you need to enable the mDNS traffic using -these commands: +The Live ISO automatically starts a graphical interface (using the local browser). However, you +might want to access remotely to the installer. If you know the IP address of the system, you just +need to point your browser to `https://$IP`. -```shell -# enable the mDNS traffic in the current run -firewall-cmd --zone=public --add-service=mdns -# make the change permanent -firewall-cmd --permanent --zone=public --add-service=mdns -``` +For the case you do not know the address, or just for convenience, the Live ISO is configured to use +mDNS (sometimes called Avahi, Zeroconf, Bonjour) for hostname resolution. Therefore, connecting to `https://agama.local` should do the trick. -##### Using mDNS +>[!WARNING] +> Do not use the `.local` hostnames in untrusted networks (like public WiFi networks, shared +> networks), it is a security risk. An attacker can easily send malicious responses for the `.local` +> hostname resolutions and point you to a wrong Agama instance which could for example steal your +> root password! -The Live ISO by default uses the `agama.local` hostname. To connect to the -running instance simply type `https://agama.local` in your browser. In most -browsers the HTTPS is the default protocol so usually it is enough to just type -`agama.local`. +If you have troubles or you want to know more about this feature, check our [Avahi/mDNS] (./doc/avahi.md) documentation. -If you run multiple Agama instances, each one will have a different name. The server -appends a number to make it unique. So the second Agama instance gets the -`agama-2.local` hostname. +## Other Resources -If you are not sure whether there are multiple Agama instances running you scan -the network, see the [service advertising](#service-advertising) below. - -Alternatively you can set a different hostname for each instance manually. Use -the `hostname=` boot option to set a different hostname. For example set -`hostname=foo`, `hostname=bar` and then use `https://foo.local`, -`https://bar.local` URLs in the web browser to connect to the respective -instance. - -It is possible to change the hostname later if needed: - -```shell -# set the new hostname -hostnamectl hostname -# restart the avahi daemon server -systemctl restart avahi-daemon -``` - -The mDNS resolution also works for other services like ping or SSH. So you can -use commands like: - -```shell -ping agama.local -ssh root@agama.local -``` - -##### Fallback - -The mDNS approach is just an addition, one more possibility how to connect to -the machine. If it does not work for you then you can always use the old good -classic IP address approach. - -##### Service Advertising - -The Agama Live ISO also uses Avahi service advertising. With this you can easily -search for all running Agama instances in the local network: - -```shell -avahi-browse -t -r _agama._sub._https._tcp -``` - -The command will print the found servers and their hostnames and IP addresses. - -##### Notes - -- mDNS works only in the same local network, it does not work over internet - or separate network segments. -- mDNS might not be supported in all systems or it might be blocked by firewall. -- On mobile phones with Android OS mDNS is supported since Android version 12. - (but this might be vendor dependent...). - -### Manual Configuration - -You can run Agama from its sources by cloning and configuring the project: - -```console -$ git clone https://github.com/openSUSE/agama -$ cd agama -$ ./setup.sh -``` - -Then point your browser to http://localhost:9090/cockpit/@localhost/agama/index.html and that's all. - -The [setup.sh](./setup.sh) script installs the required dependencies -to build and run the project and it also configures the Agama services -and Cockpit. It uses `sudo` to install packages and files to system locations. -The script is well commented so we refer you to it instead of repeating its -steps here. - -Regarding the web user interface, alternatively you can run a development -server which works as a proxy for the cockpit server. See more details [in the -documentation]( web/README.md#using-a-development-server). - -To start or stop Agama D-Bus services at any time, use the `agama` systemd service: - -```console -sudo systemctl start agama -``` - -If something goes wrong, you can use `journalctl` to get Agama logs: - -```console -sudo journalctl -u agama -``` - -Another alternative is to run source checkout inside container so system is not -affected by doing testing run beside real actions really done by installer. -See more details [in the documentation](doc/testing_using_container.md). +* If you want to know how Agama works, you should read about [Agama's architecture](/doc/architecture.md) +* If you would like to [contribute](#how-to-contribute), you might be interested in: + * [Running Agama from sources](./doc/running.md). + * [Working with Agama's web server](./rust/WEB-SERVER.md). + * [Working with Agama's web UI](./web/README.md). +* You can check the overall status of the project through the [status page](/STATUS.md). ## How to Contribute @@ -263,10 +90,3 @@ If you want to contribute to Agama, then please open a pull request or report an get involved in [our discussions](https://github.com/openSUSE/agama/discussions). For more details, please read the [contributing](CONTRIBUTING.md) guidelines. - -## Development Notes - -* [Packaging](PACKAGING.md) -* [Working with the web UI](./web/README.md) -* [D-Bus service API](https://opensuse.github.io/agama/dbus/) (generated) -* [Web frontend documentation](https://opensuse.github.io/agama/jsdoc/) (generated) diff --git a/STATUS.md b/STATUS.md new file mode 100644 index 0000000000..deebaaf9d5 --- /dev/null +++ b/STATUS.md @@ -0,0 +1,46 @@ +# Agama Status + +## CI and checks + +[![CI - Rust](https://github.com/openSUSE/agama/actions/workflows/ci-rust.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-rust.yml) +[![CI - Service](https://github.com/openSUSE/agama/actions/workflows/ci-service.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-service.yml) +[![CI - Web](https://github.com/openSUSE/agama/actions/workflows/ci-web.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-web.yml) +[![CI - Rubocop](https://github.com/openSUSE/agama/actions/workflows/ci-rubocop.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-rubocop.yml) +[![CI - Documentation Check](https://github.com/openSUSE/agama/actions/workflows/ci-doc-check.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-doc-check.yml) +[![CI - Integration Tests](https://github.com/openSUSE/agama/actions/workflows/ci-integration-tests.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/ci-integration-tests.yml) +[![Coverage Status](https://coveralls.io/repos/github/openSUSE/agama/badge.svg?branch=master)](https://coveralls.io/github/openSUSE/agama?branch=master) +[![GitHub Pages](https://github.com/openSUSE/agama/actions/workflows/github-pages.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/github-pages.yml) + +## Translations + +[![Weblate Update POT](https://github.com/openSUSE/agama/actions/workflows/weblate-update-pot.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/weblate-update-pot.yml) +[![Weblate Merge PO](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-po.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-po.yml) +[![Weblate Merge Product PO](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-products-po.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-products-po.yml) +[![Translation Status](https://l10n.opensuse.org/widgets/agama/-/agama-web/svg-badge.svg)](https://l10n.opensuse.org/engage/agama/) + +## Packages + +### [OBS systemsmanagement:Agama:Staging](https://build.opensuse.org/project/show/systemsmanagement:Agama:Staging) + +[![Submit agama](https://github.com/openSUSE/agama/actions/workflows/obs-staging-rust.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-rust.yml) +[![Submit cockpit-agama](https://github.com/openSUSE/agama/actions/workflows/obs-staging-web.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-web.yml) +[![Submit rubygem-agama-yast](https://github.com/openSUSE/agama/actions/workflows/obs-staging-service.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-service.yml) +[![Submit cockpit-agama-playwright](https://github.com/openSUSE/agama/actions/workflows/obs-staging-playwright.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-staging-playwright.yml) + +[![OBS Staging/agama](https://img.shields.io/obs/systemsmanagement:Agama:Staging/agama/openSUSE_Tumbleweed/x86_64?label=Package%20agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/agama) +[![OBS Staging/cockpit-agama](https://img.shields.io/obs/systemsmanagement:Agama:Staging/cockpit-agama/openSUSE_Tumbleweed/x86_64?label=Package%20cockpit-agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/cockpit-agama) +[![OBS Staging/rubygem-agama-yast](https://img.shields.io/obs/systemsmanagement:Agama:Staging/rubygem-agama-yast/openSUSE_Tumbleweed/x86_64?label=Package%20rubygem-agama-yast)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/rubygem-agama-yast) +[![OBS Staging/agama-products-opensuse](https://img.shields.io/obs/systemsmanagement%3AAgama%3AStaging/agama-products-opensuse/openSUSE_Tumbleweed/x86_64?label=Package%20agama-products-opensuse)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/agama-products-opensuse) +[![OBS Staging/cockpit-agama-playwright](https://img.shields.io/obs/systemsmanagement:Agama:Staging/cockpit-agama-playwright/openSUSE_Tumbleweed/x86_64?label=Package%20cockpit-agama-playwright)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/cockpit-agama-playwright) +[![OBS Staging/agama-live](https://img.shields.io/obs/systemsmanagement:Agama:Staging/agama-live:openSUSE/images/x86_64?label=Live%20ISO)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/agama-live) + +### [OBS systemsmanagement:Agama:Devel](https://build.opensuse.org/project/show/systemsmanagement:Agama:Devel) + +![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/openSUSE/agama?label=Version&sort=semver) +[![Release](https://github.com/openSUSE/agama/actions/workflows/obs-release.yml/badge.svg)](https://github.com/openSUSE/agama/actions/workflows/obs-release.yml) + +[![OBS Devel/agama](https://img.shields.io/obs/systemsmanagement:Agama:Devel/agama/openSUSE_Tumbleweed/x86_64?label=Package%20agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/agama) +[![OBS Devel/cockpit-agama](https://img.shields.io/obs/systemsmanagement:Agama:Devel/cockpit-agama/openSUSE_Tumbleweed/x86_64?label=Package%20cockpit-agama)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/cockpit-agama) +[![OBS Devel/rubygem-agama-yast](https://img.shields.io/obs/systemsmanagement:Agama:Devel/rubygem-agama-yast/openSUSE_Tumbleweed/x86_64?label=Package%20rubygem-agama-yast)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/rubygem-agama-yast) +[![OBS Devel/agama-live](https://img.shields.io/obs/systemsmanagement:Agama:Devel/agama-live:openSUSE/images/x86_64?label=Live%20ISO)](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/agama-live) + diff --git a/autoinstallation/systemd/agama-auto.service b/autoinstallation/systemd/agama-auto.service index e1a5b3f861..e4ffb93e05 100644 --- a/autoinstallation/systemd/agama-auto.service +++ b/autoinstallation/systemd/agama-auto.service @@ -5,8 +5,7 @@ After=dbus.socket # it needs to NetworkManager, so it has access to it After=NetworkManager.service # it needs agama, of course -After=agama.service -Requires=agama.service +After=agama-web-server.service [Service] ExecStart=/usr/bin/auto.sh diff --git a/doc/architecture.md b/doc/architecture.md new file mode 100644 index 0000000000..9abe228e7d --- /dev/null +++ b/doc/architecture.md @@ -0,0 +1,98 @@ +# Agama's architecture + +On the surface, Agama implements a typical client-server architecture. The server offers an HTTP/ +JSON API with a WebSocket to send messages to the connected clients. The web and the command-line +interfaces, part of Agama, connect to that server. + +However, things are more complex, and the server comprises different pieces, as described in this +document. + +## Components + +On the server side, Agama is composed by: + +* **Agama server**: from a user's perspective, this is the core of Agama. It is responsible for: + * Implementing (part of) the installation logic. A good share of this logic is delegated to + **Agama YaST**. + * Offering an HTTP and WebSocket (HTTP/WS) interface. + * Making the **web-based user interface** available to the browsers. + +* **Agama YaST service**: it is written in Ruby and has direct access to YaST libraries. This + component implements complex parts, like storage and software handling. Communication with the + Agama web server happens over D-Bus. + +* **Agama D-Bus service**: implements a minimal API to allow **Agama YaST server** to talk to the web +server. It is expected to be replaced by direct communication in the future. + +On the client side, these are the main components: + +* **Web user interface (old `cockpit-agama`)**: Agama's graphical user interface. The **Agama web +server** makes this React application available to browsers. + +* **Command-Line Interface (`agama-cli`)**: it allows interaction with Agama and drives the +auto-installation process. + +* **Auto-installation (`autoinstallation`)**: it is composed of a Systemd service (`agama-auto`) and +a script that relies on `agama-cli` binary. + +The following diagram could be better, but it represents the main components and their interactions. + +```mermaid +flowchart LR + subgraph Clients + Browser + CLI + auto + end + + subgraph Agama Server + subgraph Web["Web Server"] + direction TB + UI["Web UI"] + API["HTTP/WS API"] + WS["WebSocket"] + end + + Web <--"Channel" --> Rust + end + Rust <-- "D-Bus" --> YaST["Agama YaST"] + + Browser --> UI + Browser --> API + Browser <---> WS + CLI --> API + CLI <---> WS + auto --> CLI +``` + +## Encryption + +In the case of a remote installation, the communication between the clients and the server must be +encrypted. Connecting to port 80 (HTTP) redirects the client to port 443 (HTTPS). + +About the certificate, Agama uses a self-signed certificate unless the user injects its own. + +## Authentication + +The HTTP interface allows authentication specifying the root password that will be checked +against PAM. + +On successful authentication, the server generates a [JSON Web Token][jwt] that the client +will include in the subsequent requests. The web client stores the token in an HTTP-only +cookie[^http-only] and the CLI uses a file with restricted permissions. + +[^http-only]: HTTP-only cookies cannot be accessed by client-side JavaScript. + +## Skipping the authentication + +When using Agama locally in the installation media, it would be unpleasant to ask for a password. +For that reason, Agama implements a mechanism to skip the authentication step. This mechanism is +documented in the [security document](./agama-security.md). + +## Links + +* https://bugzilla.suse.com/show_bug.cgi?id=1219688 +* https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html + +[http-auth]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication +[jwt]: https://jwt.io diff --git a/doc/avahi.md b/doc/avahi.md new file mode 100644 index 0000000000..659fcaa995 --- /dev/null +++ b/doc/avahi.md @@ -0,0 +1,90 @@ +#### Avahi/mDNS + +Agama's Live ISO is configured to use mDNS (sometimes called Avahi, Zeroconf, Bonjour) for hostname +resolution. The reason is that it might be quite difficult to find out which URL should be used for +connecting to a running Agama installer. + +This document explains how this feature works and offers a few hints for fix potential problems. + +>[!WARNING] +> Do not use the `.local` hostnames in untrusted networks (like public WiFi networks, shared +> networks), it is a security risk. An attacker can easily send malicious responses for the `.local` +> hostname resolutions and point you to a wrong Agama instance which could for example steal your +> root password! + +##### Firewall Configuration + +If you cannot connect to a server using the `.local` domain then maybe the +firewall is blocking the traffic. Then you need to enable the mDNS traffic using +these commands: + +```shell +# enable the mDNS traffic in the current run +firewall-cmd --zone=public --add-service=mdns +# make the change permanent +firewall-cmd --permanent --zone=public --add-service=mdns +``` + +##### Using mDNS + +The Live ISO by default uses the `agama.local` hostname. To connect to the +running instance simply type `https://agama.local` in your browser. In most +browsers the HTTPS is the default protocol so usually it is enough to just type +`agama.local`. + +If you run multiple Agama instances, each one will have a different name. The server +appends a number to make it unique. So the second Agama instance gets the +`agama-2.local` hostname. + +If you are not sure whether there are multiple Agama instances running you scan +the network, see the [service advertising](#service-advertising) below. + +Alternatively you can set a different hostname for each instance manually. Use +the `hostname=` boot option to set a different hostname. For example set +`hostname=foo`, `hostname=bar` and then use `https://foo.local`, +`https://bar.local` URLs in the web browser to connect to the respective +instance. + +It is possible to change the hostname later if needed: + +```shell +# set the new hostname +hostnamectl hostname +# restart the avahi daemon server +systemctl restart avahi-daemon +``` + +The mDNS resolution also works for other services like ping or SSH. So you can +use commands like: + +```shell +ping agama.local +ssh root@agama.local +``` + +##### Fallback + +The mDNS approach is just an addition, one more possibility how to connect to +the machine. If it does not work for you then you can always use the old good +classic IP address approach. + +##### Service Advertising + +The Agama Live ISO also uses Avahi service advertising. With this you can easily +search for all running Agama instances in the local network: + +```shell +avahi-browse -t -r _agama._sub._https._tcp +``` + +The command will print the found servers and their hostnames and IP addresses. + +##### Notes + +- mDNS works only in the same local network, it does not work over internet + or separate network segments. +- mDNS might not be supported in all systems or it might be blocked by firewall. +- On mobile phones with Android OS mDNS is supported since Android version 12. + (but this might be vendor dependent...). + + diff --git a/doc/debugging.md b/doc/debugging.md deleted file mode 100644 index 36a6686b13..0000000000 --- a/doc/debugging.md +++ /dev/null @@ -1,40 +0,0 @@ -# Debugging - -This document describes some tips for debugging problems in Agama. - -## The Web Frontend - -Cockpit by default does not log any debugging messages, but you can enable it -manually. After enabling the debug mode you can see all DBus traffic, executed -commands and more. - -To enable it open the developer tools in the browser (usually the `F12` or -`Ctrl+Shift+I` key shortcut), switch to the console and run this command: - -```js -window.sessionStorage.debugging = "all" -``` - -This enables logging for all Cockpit parts. If the log is too verbose you can -enable just some specific parts: - -`"channel"` - log the websocket traffic, includes most of the Cockpit traffic -`"dbus"` - log the DBus traffic when using the [Cockpit DBus API]( -https://cockpit-project.org/guide/latest/cockpit-dbus.html) -`"http"` - log HTTP traffic for the [Cockpit HTTP client]( -https://cockpit-project.org/guide/latest/cockpit-http.html) -`"spawn"` - log executed commands and results when using [Cockpit process -spawning](https://cockpit-project.org/guide/latest/cockpit-spawn) - -To turn off the debugging set it to the `undefined` value: - -```js -window.sessionStorage.debugging = undefined -``` - -The setting is stored in the session storage which means the value is kept -between page reloads and each browser tab uses a different instance. - -:warning: *Warning: Cockpit logs all data transferred between the browser -and the server including sensitive data like passwords, registration codes or -similar! Be careful when sharing the Cockpit logs!* :warning: diff --git a/doc/i18n.md b/doc/i18n.md index 1ef2b7c55b..07c61f522c 100644 --- a/doc/i18n.md +++ b/doc/i18n.md @@ -26,7 +26,7 @@ - [ESLint Plugin](#eslint-plugin) - [Testing Language](#testing-language) - [Building POT File](#building-pot-file) - - [Cockpit Details](#cockpit-details) + - [Loading Web UI Translations](#loading-web-ui-translations) - [Development Server](#development-server) - [D-Bus Backend](#d-bus-backend) - [Backend Translations](#backend-translations) @@ -96,10 +96,6 @@ The basic translation workflow looks like this: 7. The PO files are processed during build so the translations can be used later at runtime -*Note: The Agama workflow is pretty similar to the [Cockpit localization]( -https://github.com/cockpit-project/cockpit/blob/main/doc/i18n.md) workflow, -we decided to use a similar approach here.* - ## Staging Translation Repository The special [agama-weblate](https://github.com/openSUSE/agama-weblate) @@ -220,10 +216,9 @@ web/share/update-manifest.py web/src/manifest.json The texts are marked for translation using the usual functions like `_()`, `n_()` and others. It is similar to the GNU gettext style. -Currently Agama uses the Cockpit implementation for loading and displaying -translations. To make this process transparent for developers and to allow easy -change of the implementation there is a simple [i18n.js]( ../web/src/i18n.js) -wrapper which provides the translation functions: +The mechanism of loading and displaying the translation is heavily inspired +in Cockpit's approach. The [i18n module](../web/src/i18n.js) offers a set of translation functions: + ```js import { _, n_, N_, Nn_ } from "~/i18n"; @@ -468,20 +463,19 @@ which defines the needed parameters for the `xgettext` tool. To build the POT file locally just run the script, it will save the output to the `agama.pot` file. -### Cockpit Details +### Loading Web UI Translations The translations are loaded by the `` HTML code in the [index.html](../web/src/index.html) file. But there is no such file -in Agama (or in any Cockpit plugin in general), there are files `po..js` -like `po.cs.js`. +in Agama but one `po..js` file per language, like `po.cs.js`. -The trick is that the Cockpit server checks the `CockpitLang` cookie sent in the +The trick is that Agama's web server checks the `agamaLang` cookie sent in the HTTP request header and returns the content from the respective file. ### Development Server -Because Cockpit serves the `po.js` file a bit differently as described in the -[Cockpit Details](#cockpit-details) section above we need to implement this +Because Agama serves the `po.js` file a bit differently as described in the +[](#loading-web-ui-translations) section above we need to implement this logic also in the development server. The [webpack-po-handler.js](../web/src/lib/webpack-po-handler.js) file @@ -490,22 +484,13 @@ language file. It uses redirection because the built translation files are only available in the webpack memory. But the result is the same, the browser gets a different content according to the currently configured language. -### D-Bus Backend - -The D-Bus service backend implements a writable `UILocale` property which -defines the locale used by the service. +### Backend Locale -For debugging purposes you can get the current value or set a new one using -command line: - -```shell -# get the current locale -busctl --address=unix:path=/run/agama/bus get-property org.opensuse.Agama1 /org/opensuse/Agama1/Locale org.opensuse.Agama1.Locale UILocale -# set a new locale -busctl --address=unix:path=/run/agama/bus set-property org.opensuse.Agama1 /org/opensuse/Agama1/Locale org.opensuse.Agama1.Locale UILocale s cs_CZ -``` +The Agama server exposes a `uiLocale` configuration option via the +`/api/l10n/locales/config` endpoint which defines the locale used by all the + services. -The `UILocale` property is a single global value shared by all connected clients. +The `uiLocale` property is a single global value shared by all connected clients. That means it is possible to use only one language for all clients, if more users connect to the server and uses a different UI language then there will be race conditions and the other users might see the texts coming from the @@ -515,6 +500,15 @@ This is a known limitation, we expect that only one user at a time will access the Agama installer or if multiple users use the same server we expect that they will be from the same team or company using the same language. +To check or set the locale you can use the `/api/l10n/locales/config` endpoint. +Alternatively, you can check (but not change) the current locale via D-Bus: + + +```shell +sudo busctl --address unix:path=/run/agama/bus get-property org.opensuse.Agama1 \ + /org/opensuse/Agama1/Locale org.opensuse.Agama1.Locale UILocale +``` + #### Backend Translations The backend might return texts from external components like `libstorage-ng`. @@ -528,32 +522,32 @@ Here are some hints what to do when some untranslated text appears in the Agama UI. 1. Check that the text is marked for translation, for a quick verification - you might try setting the [testing language](#testing-language) + you might try setting the [testing language](#testing-language). 2. If the text comes from backend or the other parts check that the appropriate - [language package](#backend-translations) is installed + [language package](#backend-translations) is installed. 3. The text should be [extracted into the POT file](#building-pot-file) 4. The [agama.pot]( https://github.com/openSUSE/agama-weblate/blob/master/web/agama.pot) in the `agama-weblate` repository is up to date, if not then run the [Weblate Update POT](https://github.com/openSUSE/agama/actions/workflows/weblate-update-pot.yml) - Github Action manually + Github Action manually. 5. The text is translated in the [Weblate repository]( - https://l10n.opensuse.org/projects/agama/) + https://l10n.opensuse.org/projects/agama/). 6. The translation is included in the respective PO file in the [agama-weblate]( - https://github.com/openSUSE/agama-weblate) repository + https://github.com/openSUSE/agama-weblate) repository. 7. The PO file in the [agama]( https://github.com/openSUSE/agama/tree/master/web/po) repository is up to date, if not the check whether there is an [open pull request]( https://github.com/openSUSE/agama/pulls?q=is%3Aopen+is%3Apr+label%3Atranslations+label%3Abot) with the change, if yes then check it and merge, if not then run the [Weblate Merge PO](https://github.com/openSUSE/agama/actions/workflows/weblate-merge-po.yml) - GitHub Action manually, then check the created pull request + GitHub Action manually, then check the created pull request. 8. The translated string should be present in the built packages, run `npm build` command and check the `dist/po.*.js` files, check the built RPM - package + package. 9. The translations are loaded by the browser, check the content loaded for the - `po.js` file -10. Check the current language used in the browser, run `cockpit.language` - command in the development tools console, check the `CockpitLang` cookie - value (run `document.cookie` command in the console) -11. Check the language used by the [service backend](#d-bus-backend) + `po.js` file. +10. Check the current language used in the browser, run `agama.language` + command in the development tools console, check the `agamaLang` cookie + value (run `document.cookie` command in the console). +11. Check the language used by the [Backend Locale](#backend-locale). diff --git a/doc/images/architecture.png b/doc/images/architecture.png deleted file mode 100644 index e3f33fe20c..0000000000 Binary files a/doc/images/architecture.png and /dev/null differ diff --git a/doc/locale_api.md b/doc/locale_api.md deleted file mode 100644 index 407d0686c8..0000000000 --- a/doc/locale_api.md +++ /dev/null @@ -1,295 +0,0 @@ -# Legacy-free Locale Service - -Problem statement: (2023-03) - -> Agama currently has a separate Language service, although it's rather -> simplistic. It just allows to set the language of the installed system using -> Yast::Language.Set. And it's quite memory demanding for such an unimpressive -> task. - -> That service would be a nice candidate to be rewritten from scratch with no -> dependencies on YaST or Ruby. It's small enough and could give us a good -> overview on how much can we save. - -Original Plan: - -1. take the systemd APIs as a sensible starting point. -2. deviate only where we add value - -The problem with the original plan is that -the installer runs in one system (inst-sys, `/`) -and operates on another (target, `/mnt`) and we cannot use the full systemd -API. We may use `systemd-firstboot` instead but its API is much more limited. - -## Localization - -This design includes localized labels in the API. In other contexts that would -be a responsibility of the frontend, but here the backend has the -information, provided by _langtable_. - -(Languages, Territories and Timezones have localized names. Keyboards do not.) - -(Possible alternative: still include localized labels, but in a supplemental -method while the main method only provides the IDs (and English labels)) - -## Proposal - -A Proposal is what the installer proposes to the user -as settings to be applied to the target system. - -For example, when selecting the "German (Germany)" locale, -the timezone will be proposed to "Europe/Berlin". - -Design decision: put the proposal logic to the antecedent object, that is, -the Locale object will know how to change the Timezone object, -not the other way around (Timezone reacting to Locale value). - -### Overriding the User's Choice? - -
- -If setting the locale proposes the keyboard, what do we do if the user first -changes the keyboard and _then_ the locale? - - -When Agama UI first shows up, it may show default choices like: - -> Locale: English (US), Keyboard: US - -Then we change the locale to Czech, and the keyboard is adjusted automatically: - -> Locale: Czech, Keyboard: Czech - -We tune the keyboard: - -> Locale: Czech, Keyboard: Czech (qwerty) - -When we then change the locale, the keyboard could stay the same, as we have -already touched it: - -> Locale: German, Keyboard: Czech (qwerty) -
- -### Simple Design: Always Repropose - -We can easily afford throwing away the user's choice of keyboard layout and -simply set what we consider a good default for a newly set locale, because: - -1. it is just one setting (as opposed to whole partitioning layout) -2. the change will be visible in the UI, I assume - -### Detailed Design: Prioritize - -But other cases may not be as simple, so here's a generic design (NOT YET USED): - -All settings are wrapped in a `Priority` generic type (an Enum in Rust), -meaning, what is the source and importance of the setting: -- `Machine(data)` means the system has proposed it -- `Human(data)` means the user has made the choice - -In D-Bus, it is represented by wrapping the data in a struct, with a leading -byte* tagging the priority. For ease of recognition when watching bus traffic, -special numbers are used: -- `23` means Human, for the number of chromosome pairs -- `42` means Machine, as the famous Answer was given by Deep Thought, a machine - -In the following dump, we see that the locale was set by the user and the -system has adjusted the keyboard. - -``` -node ...Agama1/Locale { - interface ...Agama1.Locale { - properties: - readwrite (yas) Locale = (23, ['cs_CZ.UTF-8', 'de_DE.UTF-8']); - readwrite (y(ss)) X11Keyboard = (42, ('cz','qwerty)); - }; -}; -``` - -You may know a [similar settings in libzypp][resstatus] where it has 4 levels. - -*: maybe this is a crazy optimization? I am not too opposed to use strings for -this on the bus. - -[resstatus]: https://github.com/openSUSE/libzypp/blob/d441746c59f063b5d54833bfdebc48829b07feb5/zypp/ResStatus.h#L106 - - -## Interfaces - -### Language and Keyboard - -- when setting the locale, adjust the proposed package selection and keyboard - accordingly. And timezone. - -The general design of the proposal layer is - -- declarative, using read-write properties -- setting some properties will make changes in the proposal layer of other - properties of other objects - -I don't know: should the proposal be adjusted automatically as part of the property setter, or should it be explicit? - -So here, setting `Locale` below will set also `VConsoleKeyboard` here and - - Agama...Software...todo(...) - - Agama...Timezone...todo(...) - -For the first version of the API, let's keep things simple: - -**LocaleType** is just one string, the value for the `LANG` variable, like -`"cs_CZ.UTF-8"`. - -**VConsoleKeyboardType** is a string, for example -`"cz-qwerty"` or `"us"`. - -`systemd-firstboot` only has an option for the console keymap, but we have a -way to propagate it to X11, see [bsc#1046436](https://bugzilla.suse.com/show_bug.cgi?id=1046436) - -We don't expose the X11 keyboard, instead letting systemd do it via the -_convert_ parameter. - -(The other systemd keyboard settings are X11Model and X11Options, we don't -have UI or data for that) - -NOTE: _langtable_ on the other hand only deals with the X11 keyboards, -linking them to languages and territories. - -``` -# this is gdbus syntax BTW -node /org/opensuse/Agama1/Locale { - interface org.opensuse.Agama1.Locale { - methods: - # In the same order as in SupportedLocales, pairs of - # (english_labels, native_labels), where foo_labels - # is a pair of (language, territory) - LabelsForLocales( - out a((ss)(ss)) id_english_native # [(("Spanish", "Spain"), ("Español", "España")), (('English', 'United States'), ('English', 'United States'))] - ) - ListVConsoleKeyboards( - out as ids # like ["cz", "cz-qwerty", "gb-intl", "us", "us-dvorak",…] - ) - - # ProposeKeyboard(); # not needed? adjusted automatically, same object - # Sets Agama/TimeDate1's Timezone (but not LocalRTC, that's for Storage to say?) - ProposeTimeDate(); # different object but same service - ProposeSoftware(); # different service - - Commit(); - properties: - - # The locale service DOES NOT KNOW which locales are - # available for the product currently selected for installation. - # When the user chooses a product, SupportedLocales should be set. - # It affects the output of LabelsForLocales - # and the valid inputs for Locales. - readwrite as SupportedLocales = ["es_ES.UTF-8", "en_US.UTF-8"]; - - # NOTE: "as" has different meaning to systemd, - # we have a list of LANG settings, 1st gets passed to systemd, - # others affect package selection - readwrite as Locales = ['cs_CZ.UTF-8', 'de_DE.UTF-8']; - - readwrite s VConsoleKeyboard = 'cz-qwerty'; - }; -}; -``` - -#### Systemd - -
- -For reference, the systemd API for Locale(Language) and Keyboard is this: - - -``` -$ gdbus introspect -y -d org.freedesktop.locale1 -o /org/freedesktop/locale1 -node /org/freedesktop/locale1 { - interface org.freedesktop.locale1 { - methods: - SetLocale(in as locale, - in b interactive); - SetVConsoleKeyboard(in s keymap, - in s keymap_toggle, - in b convert, - in b interactive); - SetX11Keyboard(in s layout, - in s model, - in s variant, - in s options, - in b convert, - in b interactive); -… -$ busctl --system introspect org.freedesktop.locale1 /org/freedesktop/locale1 -(all properties are read-only and emit PropertiesChanged) -.Locale property as 1 "LANG=en_US.UTF-8" -.VConsoleKeymap property s "cz-lat2-us" -.VConsoleKeymapToggle property s "" -.X11Layout property s "cz,us" -.X11Model property s "pc105" -.X11Options property s "terminate:ctrl_alt_bksp,grp:shift_togg… -.X11Variant property s "qwerty,basic" -``` - -
- -### Timezone - -``` -node /org/opensuse/Agama/TimeDate1 { - interface org.opensuse.Agama.TimeDate1 { - methods: - ListTimezones( - in s display_locale # "de_DE.UTF-8" - out a(ss) id_label_pairs # [('Europe/Prague', 'Europa/Prag')] - ) - # success? do we need a specific return value other than some Error? - Commit(); - properties: - readwrite s Timezone = 'Europe/Prague'; - readwrite b LocalRTC = false; - }; -}; -``` - -#### Systemd - -
- -For reference, the systemd API for Time and Timezone is this: - - -(I find `gdbus` verbose output better for methods and `busctl` terse output -better for properties) - -``` -$ gdbus introspect -y -d org.freedesktop.timedate1 -o /org/freedesktop/timedate1 -node /org/freedesktop/timedate1 { … - interface org.freedesktop.timedate1 { … - methods: - SetTime(in x usec_utc, - in b relative, - in b interactive); - SetTimezone(in s timezone, - in b interactive); - SetLocalRTC(in b local_rtc, - in b fix_system, - in b interactive); - SetNTP(in b use_ntp, - in b interactive); - ListTimezones(out as timezones); -… -$ busctl --system introspect org.freedesktop.timedate1 /org/freedesktop/timedate1 -NAME TYPE SIG RESULT/VALUE FLAGS -(properties are read only) -.CanNTP property b true - -.LocalRTC property b false emits-change -.NTP property b false emits-change -.NTPSynchronized property b false - -.RTCTimeUSec property t 1681214874000000 - -.TimeUSec property t 1681214874046139 - -.Timezone property s "Europe/Prague" emits-change -``` - -"LocalRTC" means "is the local time zone used for the real time clock", -so it's !hwclock_in_UTC - -
diff --git a/doc/multi_process_backend.md b/doc/multi_process_backend.md deleted file mode 100644 index 1d86126589..0000000000 --- a/doc/multi_process_backend.md +++ /dev/null @@ -1,56 +0,0 @@ -## Multi-Process Backend - -The idea is to have a backend consisting of several services that communicate -via D-Bus. The goals of such an approach are: - -* Parallelize as much work as possible, especially relevant during probing. -* Keep service responsiveness even when a long-running task is running. -* Improve reusability by building smaller D-Bus-based services. - -## Processes or threads - -We decided to go for processes instead of threads because the latter are known -to cause problems to YaST and it is easier to avoid race conditions. Moreover, -we could even reimplement any of those services in a different language in the -future. - -## Proof-of-concept - -Untangling the YaST code into different processes is quite a challenging task. -Take the *storage* API as an example: other components, like *bootloader*, use -its API extensively. Hence we decided to extract the *users handling* part in -the first place. Of course, in terms of speed and responsiveness, it does not -bring much benefit, but we thought it was a good starting point because: - -1. Users handling was (partially) refactored recently, so it is well covered - by unit tests. -2. No other Agama component relies on users handling. - -### Users - -We found these dependencies: - -- `MailAliases` (which depends on `MailTable`): no other Agama component - depends on it. -- `ShadowConfig` uses CFA to modify the `login.defs` file, which is also used - by `Security`. However, it looks like `Security` is not used in other parts - of the installer. -- `Autologin`, which uses many modules, including packages, can be tricky. It - basically checks which supported Display Managers are available. -- `ProductFeatures`, which should be replaced with Agama configuration - mechanism. Ignored by now. - -We reached these agreements: - -- This PoC uses a special directory (`service/lib/agama/dbus/y2dir`) - which contains a modified version of the dependencies. This directory is - added to `Y2DIR`, so these modules are used instead of the original ones. -- Having `Agama::DBus::Clients` for D-Bus clients that are needed to - communicate between different processes. - -## Future steps - -- We agreed on using a separate process for questions. The API should allow to - asking questions and replying to them. -- Software is the most time-consuming aspect of the installation, so we should - aim to move it to a separate process. diff --git a/doc/network_support_design.md b/doc/network_support_design.md deleted file mode 100644 index aac39ecfab..0000000000 --- a/doc/network_support_design.md +++ /dev/null @@ -1,92 +0,0 @@ -# Network Support Planning - -This document summarizes the plan to add proper networking support to Agama. It is still under -discussion, so expect some things to change. - -## What scenarios/features do we want to support? - -In general, we are focused on scenarios that are important for the installation process. Defining -a set up to be used *after the installation* is out of scope. - -Here is a preliminary list of the scenarios/features we would like to support. In general, we should -focus on scenarios that are important for the installation. - -* Specify a static configuration, useful where no DHCP is available or the configuration needs some - extra change: - - IPv4 / IPv6 (optionally in addition to the DHCP settings) - - DNS configuration (needed to reach the repositories) - - Routing configuration (needed to work on some specific networks) -* Use the DHCP provided configuration, allowing the user to adapt it if needed. -* Connect to a wireless network, adding support for the most common authentication mechanisms. -* Define a proxy to access the network. -* High availability scenarios. This features are critical when working with remote storage, network - redundancy and so on. NTP configuration very important here. We should support: - - Bonding - - Bridge - - VLAN -* s390 deployment: devices activation (port number and layer 2/3 configuration). -* VPN (?). If needed, which one? - -Other interesting use cases: - -* Provide multiple WiFi networks (in the unattended installation) and select one available during - installation. You could reuse the same profile and deploy on different places. - -## Current situation - -Networking support in Agama is far from being finished. At this point, only the web UI allows -setting up simple scenarios: - -* DHCP and static configuration of Ethernet devices. -* Connection to wireless devices with limited authentication settings. - -Moreover, it connects directly to the NetworkManager D-Bus interface, so the Agama service is not -really involved. So if you want to set up the network using the CLI, you need to use `nmcli` and -rely on Agama to copy the configuration files at the end of the installation. - -## Considered options - -Based on the situation described above, we considered these approaches: - -1. Implement support to set up the network through Agama D-Bus service. -2. Keep the status quo, extend the web UI and rely on `nmcli` for the CLI-based installation. For - automation, we could rely on third-party tool. - -Although it might be harder, option 1 looks more consistent: you can install your system just using -Agama D-Bus interface. - -## Adding our own D-Bus interface - -Adding a D-Bus interface does not mean that we need to implement a full solution to set up the -network. The idea is to build a good enough API to support our use cases. - -Initially, we though about adding the D-Bus API on top of [nmstate](https://nmstate.io/), although -it covers a different use-case. After playing a bit with this idea, we decided to come up with a -solution more aligned with our needs. - -As an alternative, you might be wondering why not use YaST2 itself? Let's see some reasons: - -* It does not implement support for reading the NetworkManager configuration. -* It is not able to talk to NetworkManager D-Bus interface. It configures NetworkManager by writing - the connection files. -* It is Ruby-based, so we might consider a Rust-based solution. It is not a language problem, but we - would like to reduce the memory consumption. - -## The proposal - -Agama's network service is responsible for holding the network configuration for the installer. It -should be agnostic from the used network service, although in the short-term it will support -NetworkManager only. Therefore, the current solution is influenced by NetworkManager itself. - -In a first version, the API is composed of the following objects: - -* Network devices. Each one is available as an object under `/org/opensuse/Agama/Network1/devices/*` - exposing the current status[^1]. -* Connections (or configurations). They are exposed as `/org/opensuse/Agama/Network1/connections/*`. - Depending on the type of connection, those objects implements different interfaces like - `org.opensuse.Agama.Network1.IPv4`, `org.opensuse.Agama.Network1.Wireless`, etc. - -This API could be expanded in the future to provide a list of access points, emit signals when the -configuration changes, provide more information about the network devices, etc. - -[^1]: By now it only exposes some basic data, as the current status is only needed by the web UI. diff --git a/doc/networking.md b/doc/networking.md new file mode 100644 index 0000000000..13dba06836 --- /dev/null +++ b/doc/networking.md @@ -0,0 +1,28 @@ +# Networking Support + +In general, we are focused on scenarios that are important for the installation process. Defining +a set up to be used *after the installation* is out of scope. + +Here is a preliminary list of the scenarios/features we would like to support. In general, we should +focus on scenarios that are important for the installation. + +* Specify a static configuration, useful where no DHCP is available or the configuration needs some + extra change: + - IPv4 / IPv6 (optionally in addition to the DHCP settings) + - DNS configuration (needed to reach the repositories) + - Routing configuration (needed to work on some specific networks) +* Use the DHCP provided configuration, allowing the user to adapt it if needed. +* Connect to a wireless network, adding support for the most common authentication mechanisms. +* Define a proxy to access the network. +* High availability scenarios. This features are critical when working with remote storage, network + redundancy and so on. NTP configuration very important here. We should support: + - Bonding + - Bridge + - VLAN +* s390 deployment: devices activation (port number and layer 2/3 configuration). +* VPN (?). If needed, which one? + +Other interesting use cases: + +* Provide multiple WiFi networks (in the unattended installation) and select one available during + installation. You could reuse the same profile and deploy on different places. diff --git a/doc/new_architecture.md b/doc/new_architecture.md deleted file mode 100644 index a0d9b087e6..0000000000 --- a/doc/new_architecture.md +++ /dev/null @@ -1,173 +0,0 @@ -# Agama's 2024 architecture - -This document describes the proposal for the new Agama architecture. The reasons for introducing -these changes are recorded in [a discussion in Agama's repository][drop-cockpit]. - -[drop-cockpit]: https://github.com/openSUSE/agama/discussions/1000 - -But before describing how the architecture should look, let's quickly look at the current status. - -## The current architecture - -At this point, Agama is composed of four high-level components: - -* **Agama service**: implements the logic to perform the installation. It is the core component of -Agama and it offers a D-Bus interface. Actually, it is composed of two services: `rubygem-agama` and -`agama-dbus-server`. - -* **Web user interface (`cockpit-agama`)**: a web-based interface that plays the role of a GUI when -using Agama live. - -* **Command Line Interface (`agama-cli`)**: it allows to interact with Agama core and drives the -auto-installation process. - -* **Auto-installation (`autoinstallation`)**: it is composed by a Systemd service (`agama-auto`) and -a script that relies on `agama-cli`. - -In addition to those components, we need to consider Cockpit, which plays a vital role: - -* It makes communication between the web UI and the D-Bus services possible. -* It makes the web UI code available to the browser. -* It takes care of authenticating the user when connecting remotely. Again, it is only relative to -the web UI. - -```mermaid -flowchart LR - subgraph Clients - Browser - CLI - auto - end - - subgraph Cockpit - UI["Web UI"] - end - - subgraph Agama Service - Rust[Agama Rust] - Ruby[Agama Ruby] - end - - Browser <---> UI - UI <--D-Bus--> Rust - UI <--D-Bus--> Ruby - CLI <--D-Bus--> Rust - CLI <--D-Bus--> Ruby - Rust <--D-Bus---> Ruby - auto --> CLI -``` - -## The new architecture - -The proposed architecture is not that different from the current one, but it tries to meet these -goals: - -* Drop our dependency on Cockpit. -* Implement a higher-level API to be consumed by the clients, replacing D-Bus for client-server -communication. Agama will still use D-Bus for IPC between the Rust and Ruby components. - -### Components - -With those goals in mind, we are considering the following components: - -* **Agama core (old `agama-dbus-server`)**: implements the installation logic. It relies heavily on -the Agama YaST service. - -* **Agama YaST service (old `rubygem-agama`)**: it is written in Ruby and has direct access to YaST -libraries. Complex parts, like storage and software handling, are implemented in this component. - -* **HTTP and WebSocket API**: implements the API the clients should use to communicate with Agama. -Under the hood, it still uses D-Bus for communication between Agama core and Agama YaST. - -* **Web user interface (old `cockpit-agama`)**: Agama's graphical user interface. The web server -makes this React application available to the browsers. - -* **Command Line Interface (`agama-cli`)**: it allows interaction with Agama and drives the -auto-installation process. With the new architecture, connecting through the network might be -possible without SSH. - -* **Auto-installation (`autoinstallation`)**: as in the current architecture, it is composed by -a Systemd service (`agama-auto`) and a script that relies on `agama-cli`. - -The following diagram could be better, but it represents the main components and their interactions. - -```mermaid -flowchart LR - subgraph Clients - Browser - CLI - auto - end - - subgraph Agama Core - subgraph Web["Web Server"] - direction TB - UI["Web UI"] - API["HTTP/WS API"] - WS["WebSocket"] - end - - Web <--"Channel" --> Rust - end - Rust <-- "D-Bus" --> YaST["Agama YaST"] - - Browser --> UI - Browser --> API - Browser <---> WS - CLI --> API - CLI <---> WS - auto --> CLI -``` - -### The web-based API - -The new web-based API is divided into two different parts: - -* **HTTP/JSON API**: allows clients to execute actions or query Agama. For instance, it could get -the list of available products, request a new storage proposal or start the installation. About the -approach, something REST-like is the most suitable. Switching to GraphQL or gRPC do not seem to be -needed in our case (todo: write why). - -* **WebSocket**: Agama will use WebSockets to notify clients about any relevant event: progress, -configuration changes, etc. The event's format is not defined yet, but a JSON event containing the -`type` and the `payload/details` should be enough[^topics]. - -[^topics]: Ideally, the clients should be able to subscribe to the topics they are interested in. - But that feature can wait. - -### Encryption - -In the case of a remote installation, the communication between the clients and the server must be -encrypted. Connecting to port 80 (HTTP) should redirect the client to port 443 (HTTPS). - -About the certificate, Agama will use a self-signed certificate unless the user injects its own -certificate (through a kernel command line option). - -NOTE: under discussion. - -### Authentication - -The HTTP interface should allow authentication specifying a user and password that will be checked -against PAM. It is not clear yet, but we might need to check whether the logged user has permissions -(making sure it is `root` or through Polkit). - -On successful authentication, the server generates a [JSON Web Token][jwt] that the client will -include in the subsequent requests. The web client stores the token in an HTTP-only -cookie[^http-only] and the CLI uses a file with restricted permissions. - -[^http-only] HTTP-only cookies cannot be accessed byt client-side JavaScript. - -#### Skipping the authentication - -When using Agama locally in the installation media, it would be unpleasant to ask for a -user/password. For that reason, there must be a mechanism to skip the authentication step. Agama -Live could run a special service that generates a valid token and injects such a token into the -server, the CLI and the web browser. - -## Links - -* https://bugzilla.suse.com/show_bug.cgi?id=1219688 -* https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html - -[http-auth]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication -[jwt]: https://jwt.io diff --git a/doc/running.md b/doc/running.md new file mode 100644 index 0000000000..5d5b5ff235 --- /dev/null +++ b/doc/running.md @@ -0,0 +1,38 @@ +# Running from sources + +You can run Agama from its sources by cloning and configuring the project: + +```console +$ git clone https://github.com/openSUSE/agama +$ cd agama +$ ./setup.sh +``` + +Then point your browser to http://localhost:8080/, login with your +root password and that's all. + +The [setup.sh](./setup.sh) script installs the required dependencies to build and run the project +and it also configures the Agama services. It uses `sudo` to install packages and files to system +locations. The script is well commented so we refer you to it instead of repeating its steps here. + +Regarding the web user interface, alternatively you can run a development +server which works as a proxy for Agama's server. See more details [in the +documentation]( web/README.md#using-a-development-server). + +To start or stop Agama D-Bus and web services at any time, use the `agama` and `agama-web-server` systemd services: + +```console +sudo systemctl start agama +sudo systemctl start agama-web-server +``` + +If something goes wrong, you can use `journalctl` to get Agama logs: + +```console +sudo journalctl -u agama +sudo journalctl -u agama-web-server +``` + +Another alternative is to run source checkout inside container so system is not +affected by doing testing run beside real actions really done by installer. +See more details [in the documentation](doc/testing_using_container.md). diff --git a/doc/agama-security.md b/doc/security.md similarity index 79% rename from doc/agama-security.md rename to doc/security.md index 2e33326e1d..ad8a36bb63 100644 --- a/doc/agama-security.md +++ b/doc/security.md @@ -8,7 +8,7 @@ As frontend Agama offers a web based user interface (web UI) or a commandline in Authorization is done via password. To get authorized the frontend has to provide the root password (root on the backend's system). The password is validated through PAM [1]. Once the authorization succeeds, the backend generates an authorization token and passes it back to frontend. Agama uses [JSON Web Token (JWT)] [2] as authorization token [3]. All subsequent calls to the API has to be done together with the token. In case of the web UI, the token is stored in a HTTP-only cookie. -Agama supports special use case when Agama's UI or CLI is used in live installation media. In such case skipping autorization is supported to get feeling of using a desktop application. However, skipping authorization happens only for local access. When connecting remotely, authorization is still in place. Skipping of authorization is made possible thanks to option ```--generate-token```. When this option is used, Agama's web server service generates valid JWT automatically on start. The token is stored locally [4]. To make it usable for web UI, token is imported into web browser's internal database by Agama provided startup [5] script. The script prepares custom profile for Firefox with predefined homepage pointing to Agama's special login page with the generated token as part of a get request in the homepage url. As part of the response, the token is stored as `httpOnly` cookie. In case of CLI the situation is way easier as the token can be accessed and used directly as needed from well known location [4]. +Agama supports special use case when Agama's UI or CLI is used in live installation media. In such case skipping autorization is supported to get feeling of using a desktop application. However, skipping authorization happens only for local access. When connecting remotely, authorization is still in place. Agama's web server service generates valid JWT automatically on start. The token is stored locally [4]. To make it usable for web UI, token is imported into web browser's internal database by Agama provided startup [5] script. The script prepares custom profile for Firefox with predefined homepage pointing to Agama's special login page with the generated token as part of a get request in the homepage url. As part of the response, the token is stored as `httpOnly` cookie. In case of CLI the situation is way easier as the token can be accessed and used directly as needed from well known location [4]. ### JWT diff --git a/doc/startup.md b/doc/startup.md index ba485977fe..9917f48b9a 100644 --- a/doc/startup.md +++ b/doc/startup.md @@ -4,10 +4,10 @@ This document summarizes Agama's startup process. ## Overview -As described in the [README](../README.md#architecture), Agama is composed of a set of D-Bus -services, a web client and a command-line interface. The startup process aims to get those D-Bus -services up and running and make the web UI available. Additionally, the auto-installation procedure -could be started if required by the user. +As described in the [architecture docment](./architecture.md), Agama is composed of a web server, +a set of D-Bus services, a web client and a command-line interface. The startup process aims +to get those D-Bus services up and running and make the web server available. Additionally, the +auto-installation procedure could be started if required by the user. The startup process is handled by systemd and D-Bus. The only exception is starting the local browser in the Agama Live image. @@ -23,20 +23,22 @@ required. The definitions of those services are located in `/usr/share/dbus-1/ag although you can find the sources in the [repository](../service/share) (`org.opensuse.Agama*.service` files). +## Starting the web server + +[agama-web-server](../rust/share/agama-web-server.service) is responsible for starting up +Agama's web server using the `agama-web-server` command. + ## Auto-installation If the `agama.auto` option is specified in the kernel command-line, the [agama-auto.service](../service/share/systemd/agama-auto.service) comes into play. It runs after the -`agama.service` so the D-Bus daemon is ready and the services can be activated as needed. +`agama-web-server.service` so the web server and the D-Bus daemon are ready. ## Web UI When discussing the web UI, we can distinguish two sides: the server process and the web browser. -Regarding the server, Agama's web UI is implemented as a Cockpit module, so the only requirement is -that the `cockpit.socket` is enabled. Then, you can connect to the UI using the -`https://$SERVER_IP:9090/cockpit/@localhost/agama/index.html`. +Regarding the server, Agama's web UI is implemented as a React application which is served +by the web server. You can connect to the UI using the http://$SERVER_IP` address. When using Agama Live, a local web browser is automatically started. In the default image, it is -launched using an Icewm startup script[^1]. - -[^1]: Check the `root.tar` file from the [agama-live](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/agama-live) sources. +launched using an [IceWM startup script](../live/root/root/.icewm/startup) diff --git a/doc/yaml_config.md b/doc/yaml_config.md index c2a8e0de9a..70210e1395 100644 --- a/doc/yaml_config.md +++ b/doc/yaml_config.md @@ -74,25 +74,6 @@ Default policy. Only applicable for selinux lsm. List of supported distros that can be offered in installer. Archs key is used for products that is not available for all hardware architectures. -### web - -Cockpit's web server related settings. - -#### ssl - -Whether enable or disable TLS/SSL for remote connections. If it is not set, it does not modify -Cockpit configuration in that regard. - -#### ssl\_cert - -Location of the certificate to use for remote connections. The certificate is retrieved and copied -to `/etc/cockpit/ws-certs.d`. - -#### ssl\_key - -Location of the certificate key to use for remote connections. The key is retrieved and copied to -`/etc/cockpit/ws-certs.d`. This option is ignored unless the `ssl_cert` is set. - ## storage Options related to management of storage devices. It is map with the following keys: diff --git a/rust/README.md b/rust/README.md index fd585a9296..90fc314c3d 100644 --- a/rust/README.md +++ b/rust/README.md @@ -1,9 +1,10 @@ -# Agama Command Line and D-Bus Interface +# Agama Server -This project aims to build a command-line interface for -[Agama](https://github.com/yast/agama), a service-based Linux installer featuring a nice -web interface. The second aim is D-Bus service that does not depend heavily on YaST to -reduce memory consumption and also provide better performance. +According to [Agama's architecture](../doc/architecture.md) this project implements the following components: + +* The *Agama server*, excluding *Agama YaST* which lives in the [service](../service) directory. +* The *Agama D-Bus service*. +* The *Command Line Interface*. ## Code organization @@ -13,109 +14,14 @@ three packages: * [agama-lib](./agama-lib): code that can be reused to access the [Agama D-Bus API](https://github.com/yast/agama/blob/master/doc/dbus_api.md) and a model for the configuration settings. -* [agama-cli](./agama-cli): code specific to the command line interface. -* [agama-derive](./agama-derive): includes a [procedural +* [agama-cli](./agama-cli): code specific to the command-line interface. +* [agama-settings](./agama-settingS) and [agama-derive](./agama-derive): includes a [procedural macro](https://doc.rust-lang.org/reference/procedural-macros.html) to reduce the boilerplate code. * [agama-locale-data](./agama-locale-data): specific library to provide data for localization D-Bus API -* [agama-dbus-server](./agama-dbus-server): provides D-Bus API for services implemented in rust - -## Status - -Agama CLI is still a work in progress, although it is already capable of doing a few things: - -* Querying and setting the configuration for the users, storage and software services. -* Handling the auto-installation profiles. -* Triggering the *probing* and the *installation* processes. - -Agama D-Bus API is also a work in progress, but it is already used by Agama. - -## Installation - -You can grab the [RPM package](https://build.opensuse.org/package/show/systemsmanagement:Agama:Devel/agama-cli) from -the [systemsmanagement:Agama:Devel](https://build.opensuse.org/project/show/systemsmanagement:Agama:Devel) project. - -If you prefer, you can install it from sources with [Cargo](https://doc.rust-lang.org/cargo/): - -``` -git clone https://github.com/openSUSE/agama -cd rust -cargo install --path . -``` - -## Running - -For D-Bus API just run as root agama-dbus-server binary and it will properly attach to D-Bus. - -For CLI take into account that you need to run `agama-cli` as root when you want to query or change -the Agama configuration. Assuming that the Agama D-Bus service is running, the next command -prints the current settings using JSON (hint: you can use `jq` to make result look better): - -``` -$ sudo agama --format json config show -{"user":{"fullName":"","userName":"","password":"","autologin":false},"software":{"product":""}} -``` - -To set one or multiple parameters, just use the `config set` command: - -``` -$ sudo agama config set software.product=Tumbleweed user.fullName="Jane Doe" user.userName="jane.doe" user.password="12345" user.autologin=true -``` - -The following operation can take some time. Please, make sure to read the *Caveats* section for more -information. - -``` -$ sudo agama config show -{"user":{"fullName":"Jane Doe","userName":"jane.doe","password":"","autologin":true},"software":{"product":"Tumbleweed"}} -``` - -If, at some point you want to force a new probing, you can ask Agama to repeat the process again: - -``` -$ sudo agama probe -``` - -It is possible to handle auto-installation profiles too: - -``` -$ agama profile download http://192.168.122.1/profile.jsonnet -$ agama profile evaluate profile.jsonnet > profile.json -$ agama profile validate profile.json -``` - -Now that you have a ready to use profile, you can load it into Agama: - -``` -$ sudo agama config load profile.json -``` - -## Building and running - -You can build and run the project using the `cargo` command: - -``` -cargo build -sudo ./target/debug/agama --help -``` - -## A Testing Backend - -The previous section assumes that the Agama D-Bus services are running -on the same machine. - -For an alternative setup using a containerized backend, see -*[How to set up a backend for testing this -frontend](./agama-cli/doc/backend-for-testing.md)*. - -## Testing OBS Build - -To test if cargo packages build in OBS push your changes to remote branch. Then do osc checkout of Agama:Staging. -Modify `_service` file and point it to your branch in ``. Run `osc service manualrun obs_scm` and -then try `osc build` to build it. If it failed push fixes to your branch and repeat service and build step. - -## Caveats +* [agama-server](./agama-server): implements the HTTP/JSON (and WebSocket) API. Additionally, it + offers a minimal D-Bus API for internal communication. -* If no product is selected, the `probe` command fails. +## Other resources -[c_a_bug]: https://github.com/openSUSE/obs-service-cargo_audit/pull/6 +* [Web server development notes](/rust/WEB-SERVER.md). diff --git a/rust/WEB-SERVER.md b/rust/WEB-SERVER.md index 6637309e57..24c22a25d7 100644 --- a/rust/WEB-SERVER.md +++ b/rust/WEB-SERVER.md @@ -1,6 +1,6 @@ # Web server development notes -This document includes some notes about the usage and development of the new Agama web server. +This document includes some notes about the usage and development of Agama's web server. ## Installing Rust and related tools diff --git a/rust/agama-cli/doc/CLI_API.md b/rust/agama-cli/doc/CLI_API.md deleted file mode 100644 index bc8e12f135..0000000000 --- a/rust/agama-cli/doc/CLI_API.md +++ /dev/null @@ -1,248 +0,0 @@ -# Agama CLI - -Agama already shipped an initial CLI prototype for managing and driving the installation process. Note that such a CLI was created as a proof of concept, and its current API needs some refactoring. This document is intended to discuss how the new CLI should look like, what patterns to follow, etc. - -## CLI Guidelines - -There already are guidelines for creating modern CLI applications. For example [clig.dev](https://clig.dev/) defines a guide that is agnostic about programming languages and tooling in general, and it can be perfectly used as reference for Agama CLI. - -## Command name - -Some naming recommendations from the guidelines: - -* Make it a simple, memorable word -* Use only lowercase letters, and dashes if you really need to -* Keep it short -* Make it easy to type - -Currently we have two executables: `agamactl` for managing the D-Bus services and `agama` for configuring and performing the installation. - -## Subcommands - -Let's list the recommendations from the guidelines: - -* Be consistent across subcommands. Use the same flag names for the same things, have similar output formatting, etc. -* Use consistent names for multiple levels of subcommand. If a complex piece of software has lots of objects and operations that can be performed on those objects, it is a common pattern to use two levels of subcommand for this, where one is a noun and one is a verb. For example, `docker container create`. Be consistent with the verbs you use across different types of objects. -* Don’t have ambiguous or similarly-named commands. For example, having two subcommands called “update” and “upgrade” is quite confusing. - -## New CLI - -The API of the current CLI is not consistent. It sometimes uses verbs for the subcommand action (e.g., `agama user clear`), and for other subcommands adjectives or nouns are used (e.g., `agama language selected `). Moreover, there is a subcommand per each area, for example `agama language`, `agama software`, `agama storage`, etc. Having a subcommand for each area is not bad per se, but for some areas like storage the subcommand could grow with too many actions and options. - -The new CLI could be designed with more generic subcommands and verbs, allowing to configure any installation setting in a standard way. Note that the installation process can be already configured by means of a YAML config file with `agama config load `. And the options currently supported by the config file are: - -~~~ ---- -product: "Tumbleweed" - -languages: - - "es_ES" - - "en_US" - -disks: - - /dev/vda - - /dev/vdb - -user: - name: "test" - fullname: "User Test" - password: "12345" - autologin: true - -root: - ssh_key: "1234abcd" - password: "12345" -~~~ - -We could extend the `config` subcommand for editing such a config without the need of a subcommand per area. In general, the `config` subcommand should have verbs for the following actions: - -* To load a YAML config file with the values for the installation. -* To edit any value of the config without loading a new complete file again. -* To show the current config for the installation. -* To validate the current config. - -Moreover, the CLI should also offer subcommands for these actions: - -* To ask for the possible values that can be used for some setting (e.g., list of available products). -* To start and abort the installation. -* To see the installation status. - -Let's assume we will use `agamactl` for managing D-Bus services and `agama` for driving the installation (the opposite as it is now). The CLI for Agama could look like something similar to this: - -~~~ -$ agama install -Starts the installation. - -$ agama abort -Aborts the installation. - -$ agama status -Prints the current status of the installation process and informs about pending actions (e.g., if there are questions waiting to be answered, if a product is not selected yet, etc). - -$ agama watch -Prints messages from the installation process (e.g., progress, questions, etc). - -$ agama config load -Loads installation config from a YAML file, keeping the rest of the config as it is. - -$ agama config show [] -Prints the current installation config in YAML format. If a is given, then it only prints the content for the given key. - -$ agama config set = ... -Sets a config value for the given key. - -$ agama config unset -Removes the current value for the given key. - -$ agama config reset [] -Sets the default value for the given . If no key is given, then the whole config is reset. - -$ agama config add [=] ... -Adds a new entry with all the given key-value pairs to a config list. The key is omitted for a list of scalar values (e.g., languages). - -$ agama config delete [=] ... -Deletes any entry matching all the given key-value pairs from a config list. The key is omitted for a list of scalar values. - -$ agama config check -Validates the config and prints errors - -$ agama info [] -Prints info about the given key. If no value is given, then it prints what values are admitted by the given key. If a value is given, then it shows extra info about such a value. - -$ agama summary [
] -Prints a summary with the actions to perform in the system. If a section is given (e.g., storage, software, ...), then it only shows the section summary. - -$ agama questions -Prints questions and allows to answer them. - -~~~ - -In those commands `` represents a YAML key from the config file (e.g., `root.ssh_key`) and `` is the value associated to the given key. Note that dots are used for nested keys. Let's see some examples: - -~~~ -# Set a product -$ agama config set product=Tumbleweed - -# Set user values -$ agama config set user.name=linux -$ agama config set user.fullname=linux -$ agama config set user.password=linux -$ agama config set user.name=linux user.fullname=linux user.password=12345 - -# Unset user -$ agama config unset user - -# Add and delete languages -$ agama config add languages en_US -$ agama config delete languages en_US - -# Set storage settings -$ agama config set storage.lvm=false -$ agama config set storage.encryption_password=12345 - -# Add and delete candidate devices -$ agama config add storage.candidate_devices /dev/sda -$ agama config delete storage.candidate_devices /dev/sdb - -# Add and delete storage volumes -$ agama config add storage.volumes mountpoint=/ minsize=10GiB -$ agama config delete storage.volumes mountpoint=/home - -# Reset storage config -$ agama config reset storage - -# Show some config values -$ agama config show storage.candidate_devices -$ agama config show user - -# Dump config into a file -$ agama config show > ~/config.yaml - -# Show info of a key -$ agama info storage.candidate_devices -$ agama info storage.candidate_devices /dev/sda -$ agama info languages -~~~ - -### Config file - -The current YAML config file needs to be extended in order to support the new storage proposal settings offered by the D-Bus API: - -~~~ -... - -storage: - candidate_devices: - - /dev/sda - lvm: true - encryption_password: 12345 - volumes: - - mountpoint: / - fstype: btrfs - - mountpoint: /home - fstype: ext4 - minsize: 10GiB -~~~ - -### Product Selection - -Agama can automatically infers all the config values, but at least one product must be selected. Selecting a product implies some actions in the D-Bus services (e.g., storage devices are probed). And the D-Bus services might emit some questions if needed (e.g., asking to provide a LUKS password). Because of that, the command for selecting a product could ask questions to the user: - -~~~ -$ agama config set product=ALP -> The device /dev/sda is encrypted. Provide an encryption password if you want to open it (enter to skip): -~~~ - -Another option would be to avoid asking questions directly, and to request the answer when another command is used (see *D-Bus Questions* section). - -If a product is not selected yet, then many commands cannot work. In that case, commands should inform about it: - -~~~ -$ agama config show -A product is not selected yet. Please, select a product first: agama config set product=. -~~~ - -### D-Bus Questions - -The CLI should offer a way of answering pending questions. For example, for single product live images the storage proposal is automatically done because the target product is already known. If some questions were emitted during the process, then they have to be answered before continuing using the CLI. Therefore, most of the commands would show a warning to inform about the situation and how to proceed: - -~~~ -$ agama config show -There are pending questions. Please, answer questions first: agama questions. -~~~ - -### Non Interactive Mode - -Commands should offer a `--non-interactive` option to make scripting possible. The non interactive mode should offer a way to answer questions automatically. Non interactive mode will be defined later in a following interation of the CLI definition. - -## Current CLI - -As reference, this was the old CLI: - -~~~ -dinstallerctl install # Perform the installation - -dinstallerctl config dump # Dump the current installation config to stdout -dinstallerctl config load # Load a config file and apply the configuration - -dinstallerctl language available # List available languages for the installation -dinstallerctl language selected [...] # Select the languages to install in the target system - -dinstallerctl rootuser clear # Clear root configuration -dinstallerctl rootuser password [] # Set the root password -dinstallerctl rootuser ssh_key [] # Set the SSH key for root - -dinstallerctl software available_products # List available products for the installation -dinstallerctl software selected_product [] # Select the product to install in the target system - -dinstallerctl storage actions # List the storage actions to perform -dinstallerctl storage available_devices # List available devices for the installation -dinstallerctl storage selected_devices [...] # Select devices for the installation - -dinstallerctl user clear # Clear the user configuration -dinstallerctl user set # Configure the user that will be created during the installation -dinstallerctl user show # Show the user configuration` -~~~ - - -Original post with discussion is at https://gist.github.com/joseivanlopez/808c2be0cf668b4b457fc5d9ec20dc73 diff --git a/rust/agama-cli/doc/backend-for-testing.md b/rust/agama-cli/doc/backend-for-testing.md deleted file mode 100644 index d23c993cf7..0000000000 --- a/rust/agama-cli/doc/backend-for-testing.md +++ /dev/null @@ -1,40 +0,0 @@ -# How to set up a backend for testing the CLI frontend - -I needed a testing instance of the Agama backend so that the -Rust command-line frontend has something to talk to. - -## Summary - -1. Take the container used for continuous integration (CI) testing of the - backend -2. Give it a git checkout of this repo -3. Install the backend within the container -4. Copy the frontend binary into the container - -## Considered Alternatives - -My first plan had a different finale, 4. Make the D-Bus service visible -ouside the container, but I hit an issue with D-Bus authentication, hopefully -solvable. (Update: `xdg-dbus-proxy` seems to work, ask mvidner about it) - -Josef wanted to test against a different container (`d-installer-backend`) but that one was a -bit old and the D-Bus API was mismatched between frontend and backend. - -## Details - -The container used is built in -[OBS systemsmanagement:Agama:Staging/agama-testing][agama-testing] and -downloaded from registry.o.o specified below. - -[agama-testing]: https://build.opensuse.org/package/show/systemsmanagement:Agama:Staging/agama-testing - -I basically picked the useful bits from the `integration-tests` part -of [.github/workflows/ci.yml][ci.yml]. - -[ci.yml]: https://github.com/openSUSE/agama/blob/25462f57ab695d6910beb59ff0b21a7afaeda47e/.github/workflows/ci.yml - -## Resulting Script - -The script, which used to be inlined here, is now at -[`/testing_using_container.sh`](../../../testing_using_container.sh). ->>>>>>> 8f2f0404 (copied the script part of rust/agama-cli/doc/backend-for-testing.md) diff --git a/web/README.md b/web/README.md index 24f3db9d1c..691c045eca 100644 --- a/web/README.md +++ b/web/README.md @@ -21,7 +21,7 @@ use this command: The extra `--open` option automatically opens the server page in your default web browser. In this case the server will use the `https://localhost:8080` URL -and expects a running `agama-web-server` at `https://localhost:9090`. +and expects a running `agama-web-server` at `https://localhost:3000`. This can work also remotely, with a Agama instance running in a different machine (a virtual machine as well). In that case run