appliance-config

Configuration system for a network appliance

Screenshot Screenshot

Overview

Appliance-config is a web-based configuration system intended for use on network appliances. The core functionality of the system provides the following features:

  • Fileserver (WebDAV, NFS and SMB)
  • CUPS-based print server
  • Backup and restore system

The backup system can replicate data to an external disk or an external host that also runs appliance-config. When backing up to a remote host, appliance-config can encrypt the data so that the owner of the remote host can not read it. In this way, two people can help each other by hosting a backup without nessessarily sharing the data that is backed up.

Additional functionality may be implemented as a module. Appliance-config uses a CGI-based tool to present configuration options to an administrator. After configuration options are saved, the system invokes a backend to implement any necessary changes to system services. The system's backends are written primarily as bash shell scripts.

Nasty Details

As documented in the overview, the appliance-config system consists of a daemon that runs as root and modules that handle configuring services.

  1. The daemon waits for notification that a configuration has changed. After receiving a notification, the daemon executes the modules' backend scripts.
  2. Each configuration module consists of:

CGI Program
When executed by a GET, the program displays a form. When executed by a POST, it writes configuration data to a file or directions to a spool and notifies the daemon of the change.
Configuration File
Configuration files are written by the CGI programs.
Backend Script
Executed by the daemon after the daemon receives a notice. Reads appliance-config configuration files and writes system configurations based on templates. Reconfigures and restarts system services. May also read a spool and perform some action based on its contents.

My research interests include free and open source software, system security, and network security.