Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, what should we do here? I conclude that neither Olaf nor I are particularly thrilled from your idea. On the other hand I can also see how you have some valid points - despite of a very specific use case you have. Hence I guess its decision time. Any proposals? - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOitXYAAoJEMcrUe6dgPNtjhQP/RIUrqa3lNHapfXbB8sycpv+ t+28EuF+SUMlz5HrA3UWQWLSdDmor86C0btBDa/fp3GWjqMLADVBErqc1IPRympE Xoiwkr7vFHs5a2q91I5OJKgUo6anjDHxW++VqJTK4bSdFFlm5mzBR+gKJtORbbzN Lf2LL2eWVAVaMU9HcYcLWtGqWVmFTgI6SlLAY07ZWG4VvSGCA82g8hF1liCr5WtK ZTpsixop1na9mLIMqthGgQnKLPFYYFnz8RHAk/9JwVmfRVudYxKdFdR9SxtFgIsg 26hVysv7CaqM2bBZv9dwRZXrwCUkFq3V8LyBwFMaAQW4VODrAE7a86+fYyg/fy1o YxT4yhajTyus84qEVe/+Qpg7jAq+nRB0UCmq6oUThXs+i3hMSC3CKPuBWTBlP6wY 0MevRdET1YuljPY3W3Qc+/893okwKDH1yaYLQbiC2alehLr8szl2yf2TGAHde3TO occKyAxg3fYyDuMKgkQOwY+h0AVlYVFpOrLorT84ZKmN4nf3cH/9U6EfHX9Gb1ML E2h+RrS9xr4hj7xKcNj59kLeLblTKzR/MVLudUOu8WGIqUWPhHvhRPDAuHWTZBeP hQHWVouG3utrcmKh7/2Y+TxStvxnYBTZZSeSdCHAf0Ul9/haf8L5NYcpEzn/QJLe qqeBEf+YlyLakRvvS1+T =xf4Y -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
what should we do here? I conclude that neither Olaf nor I are particularly thrilled from your idea. On the other hand I can also see how you have some valid points - despite of a very specific use case you have. Hence I guess its decision time. Any proposals? Hmm, do you have anything specifically against breaking out those handful of directives into debian.conf/platform.conf, that would outweigh the benefits of making automated configuration management easier to handle? Yes, it might make it more difficult to find specific directives if they're spread across two files instead, but at least in this case the files will both be small enough that it shouldn't really be a problem in practice. Thanks, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On Tue, Oct 4, 2011 at 1:08 PM, Adam Nielsen a.niel...@shikadi.net wrote: but at least in this case the files will both be small enough that it shouldn't really be a problem in practice. Shouldn't? Really? Those qualifications indicate potential problems. Splitting lighttpd.conf makes things harder for the majority of users. For some, it might make things a little bit easier. The only conclusion I can draw is that it should not be split. Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
but at least in this case the files will both be small enough that it shouldn't really be a problem in practice. Shouldn't? Really? Those qualifications indicate potential problems. Not really, it just means that there will be some small number of users who will need to do things differently, e.g. those who refuse to put logs in /var/log or similar. I would say more than 99.9% of users wouldn't notice. Splitting lighttpd.conf makes things harder for the majority of users. For some, it might make things a little bit easier. The only conclusion I can draw is that it should not be split. If you're really that much against the idea then I won't try to persuade you otherwise. All I can say is that it would make life much easier for anyone who uses tools to manage the config files, and I would be surprised if anyone else had any problems with it at all. For the record, most other packages for server apps have their Debian-specific settings elsewhere - either in separate config files or in /etc/default/* so the idea isn't anything unusual. In fact I've been able to configure my whole server through Puppet and only lighttpd and squid required Debian-specific paths to be hard-coded (luckily for Squid it was one path in /var/log which is the same everywhere so it wasn't a problem.) But, if you really dislike the idea that much, I will treat lighttpd as a special case and duplicate all the Debian paths and options in my config repository :-( Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On 10/04/2011 01:34 PM, Olaf van der Spek wrote: On Tue, Oct 4, 2011 at 1:08 PM, Adam Nielsena.niel...@shikadi.net wrote: but at least in this case the files will both be small enough that it shouldn't really be a problem in practice. Shouldn't? Really? Those qualifications indicate potential problems. Splitting lighttpd.conf makes things harder for the majority of users. For some, it might make things a little bit easier. The only conclusion I can draw is that it should not be split. I disagree. The proposed settings in platform.conf should only be changed by the package maintainers or very experienced users who know that they'll have to change many other things like logrotate, init scripts and so on, so it is ok to put them into a separate file. Oh, and btw: the config is already splitted anyway, so why do you care about another extra file? Otoh it is true that probably not all platforms would provide a similar config, so i'm not sure how useful this is for puppet users. perhaps it would be better to extract those settings from the current config (lighttpd -p -f /etc/lighttpd/lighttpd.conf | grep ... new-puppet-plaform.conf) in a puppet run. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: lighttpd always binds to IPv6 on TCP port 80
Otoh it is true that probably not all platforms would provide a similar config, so i'm not sure how useful this is for puppet users. perhaps it would be better to extract those settings from the current config (lighttpd -p -f /etc/lighttpd/lighttpd.conf | grep ... new-puppet-plaform.conf) in a puppet run. My hope is that eventually all platforms would do it this way, but someone has to be first! Perhaps, as Arno suggested previously, upstream would be willing to provide a split config like this so that other distros could follow the lead? Interesting idea about extracting the config options. I'd be a little worried though about extracting the options, appending my own, then writing it back to lighttpd.conf. If anything ever went wrong it would be very easy to severely break the config file on subsequent runs. There's no /etc/default/lighttpd either that you could change to point lighttpd at a different config file either, to preserve the original. Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On Tue, Oct 4, 2011 at 1:52 PM, Stefan Bühler stbueh...@lighttpd.net wrote: On 10/04/2011 01:34 PM, Olaf van der Spek wrote: On Tue, Oct 4, 2011 at 1:08 PM, Adam Nielsena.niel...@shikadi.net wrote: but at least in this case the files will both be small enough that it shouldn't really be a problem in practice. Shouldn't? Really? Those qualifications indicate potential problems. Splitting lighttpd.conf makes things harder for the majority of users. For some, it might make things a little bit easier. The only conclusion I can draw is that it should not be split. I disagree. The proposed settings in platform.conf should only be changed by the package maintainers or very experienced users who know that they'll have to change many other things like logrotate, init scripts and so on, so it is ok to put them into a separate file. I'm not sure why that would make it ok to move them to another file. Oh, and btw: the config is already splitted anyway, so why do you care about another extra file? No extra conf files are enabled by default. And the extra conf files are all module specific. -- Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On Tue, Oct 4, 2011 at 2:07 PM, Adam Nielsen a.niel...@shikadi.net wrote: Interesting idea about extracting the config options. I'd be a little worried though about extracting the options, appending my own, then writing it back to lighttpd.conf. If anything ever went wrong it would be very easy to severely break the config file on subsequent runs. There's no /etc/default/lighttpd either that you could change to point lighttpd at a different config file either, to preserve the original. Grep hackery should be avoided, especially with a complex conf format like Lighttpd's. -- Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04.10.2011 13:56, Adam Nielsen wrote: If you're really that much against the idea then I won't try to persuade you otherwise. All I can say is that it would make life much easier for anyone who uses tools to manage the config files, and I would be surprised if anyone else had any problems with it at all. Well, you're the first to complain at least :) For the record, most other packages for server apps have their Debian-specific settings elsewhere - either in separate config files or in /etc/default/* so the idea isn't anything unusual. Please note, /etc/default is not for Debian specific configuration settings, but for environment variables and startup configuration the init script parses to start a given daemon in a sensible way. You will not find any configuration file in it. But, if you really dislike the idea that much, I will treat lighttpd as a special case and duplicate all the Debian paths and options in my config repository :-( I discussed your bug with some other people earlier today, and they all agreed that the bug is more likely a limitation in Puppet than in Lighttpd (some claimed you could do, what you want in Puppet - I don't know). There was a clear tendency towards wontfix. Anyway, what would you think about a /etc/lighttpd.conf.local setting we would reference in the default configuration where you could add additional core settings. Please note, it would not quite solve your problem as you can't override certain settings and/or undo some conditionals like we do for IPv6, but at least you could add site local configuration settings as you like. I guess, we would fill anything in a .local file though, so you could safely put anything in there without having problems with merge conflicts on update. - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOi5oXAAoJEMcrUe6dgPNtS54QAM7r/ykqm+eQxN0jEUd2BfYl OX4GYeRSdEj9oDkjUpMmJcJr77vkv2LNXKL7kXlP9ejgcMSf7ma9G1pe4N7Ar/Fe LtPviRNAxmue1oBe1z1Sp2dTRVkhsGph/p/NaAyVhuOM+JqCiFUQ5cu4TNEa7OTr QrEe+Z14zeVbkfT0PDWsIQOgiTEyOQ8HuqxGPE/G8QGi71USpxbJ6M8d21TGvUY8 DAa+VWNYvIjgeQICd5OS+ygdmOw1e+8qdjBimResQgbrbj5DhATxVLDIn76A6PQo MLnRk7CSb5ebl6wE87m07M3gZ0u2yWkHnPB8/5EbArIiwsDvGUYB3Ufw4hXnZdBX qB6xg/MIaKgm/4c8t4/Pzv7vncG7M9Qe7Sngt1vZ6sj35fPWYqu9wCJeWRTXD6ZB I9d+7r1rkKajxa/diQyHfjqaecp8nJnmQ5oXyT3Orc56sjrAXFKniiy/ezIcwolL UViBCGMA1ZIKDBPyvFOxk3+kcTvtdKAnM2llPrjpcZPQmtaKfKiN0gHEfz2ssAoy HBbGzENf/fwH3+j+2d9uzUR3rduKACWZeqYrtu+ARxymYio/dI1Z632j2Ny85vGN iGGxEY6tvgRl7E1nHVT2KSV9ZqB23nJUFEZjUOFJGjdnslcSHNgPQ8DmJCympKSa p2fLIEoEt39BGpK60Hn+ =iErU -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: lighttpd always binds to IPv6 on TCP port 80
I get your point, but I consider every setting in /etc specific to Debian, but yet allowed and suggested to be changed by the user. Note, we don't distinguish between settings supposed to be changed by users and those considered a distribution specific detail. Of course it does not make too much sense to change things like the pidfile setup, but on the other hand, that's totally left to the user and we should support that. I have no problem with supporting it, but likewise I think segregating it would be useful too without introducing any limitations. For example, while unlikely, if Debian decides that all pidfiles should now go into /tmp instead, all users will have to examine lighttpd.conf and merge in the change. Those people using a configuration management system like Puppet won't get to see dpkg's nice output, and will have to merge the changes by hand in their repos and push them out to all their machines. But if the options were in debian.conf instead, 99% of users won't have modified it so it will be updated automatically, even for Puppet users. Those who have changed these options are the ones who need to examine the change, and that will happen as expected if they've modified that .conf file. Also I am pretty sure, whatever we choose, some other users will disagree and fine some other partitioning more useful. That's true, but my argument is that you shouldn't impede progress just in case someone might come along with a better idea one day :-) I realise you don't want to keep changing things, but to be honest, if each change is backwards compatible then you are incrementally improving things, which is always good. Well, you realize you still have to have something like include debian.conf in the main lighttpd.conf which would hardly be the same on all Linux distributions? It would if you called it platform.conf instead :-) But to be honest the issue is not about distro-specific tweaks, the problem is when you have to duplicate options that may be changed with a package upgrade. I can put in my Puppet config if distro is debian, include debian.conf and then forget about it, and it doesn't matter if Debian move the pidfile path or some other platform-level change. As long as the package manager will overwrite my unmodified debian.conf as needed, I don't need to care about the change. So, to summarize: you want: /etc/ligttpd/lighttpd.conf: + include debian.conf + include default.conf + include_the_conf_enabled_stuff debian.conf: distribution specific settings (pidfile, user name?) default.conf: everything else Yes, exactly. Ideally (perhaps except for the document-root) you should be able to move default.conf unchanged between Debian and other distros and have it just work. Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On Fri, Sep 30, 2011 at 9:23 AM, Adam Nielsen a.niel...@shikadi.net wrote: I have no problem with supporting it, but likewise I think segregating it would be useful too without introducing any limitations. For example, while unlikely, if Debian decides that all pidfiles should now go into /tmp instead, all users will have to examine lighttpd.conf and merge in the change. Those people using a configuration management system like Puppet won't get to see dpkg's nice output, and will have to merge the changes by hand in their repos and push them out to all their machines. Isn't that a limitation of Puppet? That's true, but my argument is that you shouldn't impede progress just in case someone might come along with a better idea one day :-) I realise you don't want to keep changing things, but to be honest, if each change is backwards compatible then you are incrementally improving things, which is always good. The point is that it's not a perfect improvement. Having conf bits in more files means it's harder for a normal user to find/read/update all bits. We do agree that (in principle) it would be nice to support stuff like Puppet better. So let's say we've got lighttpd.conf and platform.conf. Where would the ipv6 include go? I'd say platform.conf. Since you wanted to disable the ipv6 include, you'd have to modify platform.conf and you'd have the same problem as you do now, right? -- Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On Fri, Sep 30, 2011 at 11:55 AM, Adam Nielsen a.niel...@shikadi.net wrote: It is a limitation I think of any/every configuration control system. Why can't it show the diff / update like dpkg does? The point is that it's not a perfect improvement. Having conf bits in more files means it's harder for a normal user to find/read/update all bits. That's true, but then in this case the user already has to find/read/update the bits in the conf-available directory so one more split shouldn't come as a surprise. By default no confs are enabled there. We do agree that (in principle) it would be nice to support stuff like Puppet better. So let's say we've got lighttpd.conf and platform.conf. Where would the ipv6 include go? I'd say platform.conf. Since you wanted to disable the ipv6 include, you'd have to modify platform.conf and you'd have the same problem as you do now, right? Not quite. Since enabling IPv6 support works the same on any distro, it shouldn't go in the platform-specific section. I would say, as a rough Does it? The IPv6 code is Debian specific (AFAIK). guide, anything you *must* change from the upstream lighttpd.conf to make it fit into Debian (user/group, pidfile, etc.) would go into platform.conf, and anything you change just to make it nicer (like IPv6 or the default module list) can go into some other file. For example, I would only expect these options to be in platform.conf: server.upload-dirs = ( /var/cache/lighttpd/uploads ) server.errorlog = /var/log/lighttpd/error.log server.pid-file = /var/run/lighttpd.pid server.username = www-data server.groupname = www-data compress.cache-dir = /var/cache/lighttpd/compress/ Those are quite unlikely to change, so what benefit do you get from moving them to another file? Note that the main lighttpd.conf has already been minimized. With a new daemon version yes, but with a security update or similar where the version is unchanged it may not be necessary. Say for example you had accidentally set the lighttpd user to root and the default document-root to /. The web server would still work and when the mistake is realised the platform.conf could be easily updated to correct the mistake, without requiring any config merging. Security (and stable) updates are unlikely to contain updated conf files. BTW, I've requested upstream to enable IPv6 by default or to provide a better/easier way to enable it. Unfortunately they didn't want to do this for 1.4. Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: lighttpd always binds to IPv6 on TCP port 80
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, On 30.09.2011 09:23, Adam Nielsen wrote: if Debian decides that all pidfiles should now go into /tmp instead, all users will have to examine lighttpd.conf and merge in the change You always need to check major upgrades for changes and incompatibilities anyway. In particular there is no guarantee your old configuration file will work with the new daemon version. I realise you don't want to keep changing things, but to be honest, if each change is backwards compatible then you are incrementally improving things, which is always good. that's only partly true. :) I just hate splitted configuration files personally because I prefer one single file where I can see all things I need to know at one sight. Sometimes it makes sense to split files, e.g. for actual configuration vs site/vhost configuration but most of the time settings spread randomly throughout different files are hard to read, to understand and to configure in my opinion. This does not mean, I won't do what you suggest but you need to convince me, why your layout is much better than mine (well - or you convince Olaf). Yes, exactly. Ideally (perhaps except for the document-root) you should be able to move default.conf unchanged between Debian and other distros and have it just work. I'm afraid, but we have no influence at all what other distributions choose as configuration layout and/or which files they ship. Eventually Suse (or whatever) still continues to ship a lighttpd.conf happily specifying their own pidfile stuff there. If you want to introduce such a change among all Linux distributions, you better get upstream to split their configuration files out of the box to make sure distributions will follow more likely. - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOhYV/AAoJEMcrUe6dgPNtHXsQANBhHutWDcpzJlmTBoWeekyn hKtBxHBPmVy1goJyIO0YpwBcSbmvLnhOPmpmPMMuWI02mTAqKNPY/xF1QSJj7FH5 +O48H2qaXV749wmb81+wUxfc8KCmraga4gmYpLTKO/n0KCTMMWcjHwzyt9HFe/ec V7owi+DKQn6J8/BMR4+0x26qy1wd2jhaGwEe1hCOSv7KDlTqXUNAYs4Xg9v2RX8l rJqI2SURlpSUeXRmjTv0urxeIIMCD8vjEHdDBAG+OmPuyXr64QDUiOdl3bPud8+0 K5Co+Z6XbJFzXyco0LEYKlcsLaqwWmxPi7rm+y7H0/NzGIut/DA5rL1RwGYBvq8d hv94cdl93kQ+GhhCVBiovrEizS6vJkLKjMioxkbMSnb8bTPassvcb0XrUOXbhQUF wKCWzTOLBF891GuU/t6QEVlCb0oET5cKcBFNWocCIDZeTtpAmvYlC35NVo4L/MyE KuKEW6L8tW+cMF8yTQyEHPfWb1McgBPpKJGXNQMRsnagONNv/3b8W9leGvE3qI5d fc24Hs92RVOC+5861C92riq/pg4FXQYHLSWc+D69d2CLv2/4toUajOXa8FExVtxZ 463rTNVIM0DbQ19iNMBJrf7cYDNkYnbSNtYgHYVjiiMdJ4dh+T87oP8yZCVxjwKu 2HIRQQIL3Yd/Vm7roDSP =Csz4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On Fri, Sep 30, 2011 at 12:35 PM, Adam Nielsen a.niel...@shikadi.net wrote: It is a limitation I think of any/every configuration control system. Why can't it show the diff / update like dpkg does? It could, but because it's designed to control large numbers of machines it would need some careful planning to avoid showing the same/similar diff dozens of times. It's also distribution neutral, so it would have to be able to parse output from many versions of dpkg (not just the latest), as well as 'emerge' on Gentoo and countless others. Since Puppet runs as a daemon (syncing changes every 15 minutes or so) there would need to be some way of notifying a user, e.g. via e-mail and having them respond. It would certainly be doable, but it's a huge job, so I don't think it's a surprise nobody has done it yet. So how does it handle updated conf files? Not quite. Since enabling IPv6 support works the same on any distro, it shouldn't go in the platform-specific section. I would say, as a rough Does it? The IPv6 code is Debian specific (AFAIK). The code is Debian specific but the resulting lighttpd options aren't. If you're using Puppet to configure lighttpd you are unlikely to want to autoconfigure IPv6, Why? Are IPv6 and Puppets no friends? so you would hard-code the IPv6 stuff in the config file if you wanted it on, and not use the Debian script. If you did want to autoconfigure it you'd include your own script (or copy the Debian one...) so it worked on any distro. The benefit is simply that you don't have to maintain those options in your configuration repository, keeping it as distribution-neutral as possible. Right Security (and stable) updates are unlikely to contain updated conf files. BTW, I've requested upstream to enable IPv6 by default or to provide a better/easier way to enable it. Unfortunately they didn't want to do this for 1.4. I think the way you have done it is fine for anyone editing the configuration by hand, it just unfortunately doesn't make it as clean when using an automated tool. I think this was the original reason behind the general move to conf.d style directories - so automated tools could add and remove configuration options without having to modify individual files. Split configs also avoid conflicts when automated tools aren't used. Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
It is a limitation I think of any/every configuration control system. Why can't it show the diff / update like dpkg does? It could, but because it's designed to control large numbers of machines it would need some careful planning to avoid showing the same/similar diff dozens of times. It's also distribution neutral, so it would have to be able to parse output from many versions of dpkg (not just the latest), as well as 'emerge' on Gentoo and countless others. Since Puppet runs as a daemon (syncing changes every 15 minutes or so) there would need to be some way of notifying a user, e.g. via e-mail and having them respond. It would certainly be doable, but it's a huge job, so I don't think it's a surprise nobody has done it yet. Not quite. Since enabling IPv6 support works the same on any distro, it shouldn't go in the platform-specific section. I would say, as a rough Does it? The IPv6 code is Debian specific (AFAIK). The code is Debian specific but the resulting lighttpd options aren't. If you're using Puppet to configure lighttpd you are unlikely to want to autoconfigure IPv6, so you would hard-code the IPv6 stuff in the config file if you wanted it on, and not use the Debian script. If you did want to autoconfigure it you'd include your own script (or copy the Debian one...) so it worked on any distro. Those are quite unlikely to change, so what benefit do you get from moving them to another file? Note that the main lighttpd.conf has already been minimized. The benefit is simply that you don't have to maintain those options in your configuration repository, keeping it as distribution-neutral as possible. Security (and stable) updates are unlikely to contain updated conf files. BTW, I've requested upstream to enable IPv6 by default or to provide a better/easier way to enable it. Unfortunately they didn't want to do this for 1.4. I think the way you have done it is fine for anyone editing the configuration by hand, it just unfortunately doesn't make it as clean when using an automated tool. I think this was the original reason behind the general move to conf.d style directories - so automated tools could add and remove configuration options without having to modify individual files. Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
Thanks both for your replies, I have responded to both below. From: Olaf van der Spek olafvds...@gmail.com Those people using a configuration management system like Puppet won't get to see dpkg's nice output, and will have to merge the changes by hand in their repos and push them out to all their machines. Isn't that a limitation of Puppet? It is a limitation I think of any/every configuration control system. The point is that it's not a perfect improvement. Having conf bits in more files means it's harder for a normal user to find/read/update all bits. That's true, but then in this case the user already has to find/read/update the bits in the conf-available directory so one more split shouldn't come as a surprise. We do agree that (in principle) it would be nice to support stuff like Puppet better. So let's say we've got lighttpd.conf and platform.conf. Where would the ipv6 include go? I'd say platform.conf. Since you wanted to disable the ipv6 include, you'd have to modify platform.conf and you'd have the same problem as you do now, right? Not quite. Since enabling IPv6 support works the same on any distro, it shouldn't go in the platform-specific section. I would say, as a rough guide, anything you *must* change from the upstream lighttpd.conf to make it fit into Debian (user/group, pidfile, etc.) would go into platform.conf, and anything you change just to make it nicer (like IPv6 or the default module list) can go into some other file. For example, I would only expect these options to be in platform.conf: server.upload-dirs = ( /var/cache/lighttpd/uploads ) server.errorlog = /var/log/lighttpd/error.log server.pid-file = /var/run/lighttpd.pid server.username = www-data server.groupname= www-data compress.cache-dir = /var/cache/lighttpd/compress/ From: Arno Töll deb...@toell.net You always need to check major upgrades for changes and incompatibilities anyway. In particular there is no guarantee your old configuration file will work with the new daemon version. With a new daemon version yes, but with a security update or similar where the version is unchanged it may not be necessary. Say for example you had accidentally set the lighttpd user to root and the default document-root to /. The web server would still work and when the mistake is realised the platform.conf could be easily updated to correct the mistake, without requiring any config merging. I just hate splitted configuration files personally because I prefer one single file where I can see all things I need to know at one sight. Sometimes it makes sense to split files, e.g. for actual configuration vs site/vhost configuration but most of the time settings spread randomly throughout different files are hard to read, to understand and to configure in my opinion. That is a valid point, and unfortunately not one I can counter argue. If you are editing by hand then yes, a single file is nice, but if you are editing by machine then separate files are easier to handle. Perhaps, if you have a large enough file, it will also be difficult to find the section you want. But with nicely-named separate files, it can be made easy to locate the section you are interested in. I'm afraid, but we have no influence at all what other distributions choose as configuration layout and/or which files they ship. Eventually Suse (or whatever) still continues to ship a lighttpd.conf happily specifying their own pidfile stuff there. One more reason not to use Suse then, if they make it difficult :-) Also you say you have no influence over other distros, but I don't think you give yourself enough credit. There are many distributions that are based on Debian! If you want to introduce such a change among all Linux distributions, you better get upstream to split their configuration files out of the box to make sure distributions will follow more likely. This is an interesting idea, but upon closer investigation, probably not practical. The upstream config file has defaults like storing the log files next to the document-root, which the Debian package has overridden and changed to /var/log. So in upstream, there would be no need to split that option out, but in Debian there is because of the change. So I would argue that since you are changing the option anyway, you may as well change it in a separate file :-) Thanks again for being so willing to discuss this, you have given me plenty to think about! Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: Bug#642604: lighttpd always binds to IPv6 on TCP port 80
Why can't it show the diff / update like dpkg does? nobody has done it yet. So how does it handle updated conf files? I'm not entirely sure. It runs dpkg in non-interactive mode, which means it would either overwrite configs without asking (and then overwrite them again with what's in the Puppet repo) or flag it as an upgrade failure and require manual intervention. Personally I have configured Puppet not to upgrade anything automatically so I can do distro upgrades by hand, as I only have a small number of servers to maintain. People with large numbers of servers may automatically upgrade one or two, test them, fix any problems by updating the config repo, then upgrade the rest with the fixed config. The code is Debian specific but the resulting lighttpd options aren't. If you're using Puppet to configure lighttpd you are unlikely to want to autoconfigure IPv6, Why? Are IPv6 and Puppets no friends? Sorry, let me rephrase - if you are using Puppet to configure lighttpd, you almost certainly don't want IPv6 support left as 'autodetect'. You will either enable it or disable it. The Debian script only enables IPv6 if it is available, which is great for having it 'just work' on a newly installed machine which may or may not have IPv6 available. However people going to the effort of using Puppet to manage their configuration generally want to know exactly how each machine is configured, and setting things to autodetect introduces some unpredictability into the mix. For example if you want to deploy an IPv6 capable web server and for some reason the machine doesn't have IPv6 support, the Debian script would happily start lighttpd in IPv4-only mode, and you would not realise the mistake until someone reported that they could not connect to the server over IPv6. But if you forced IPv6 on in the lighttpd config, it should fail to start without IPv6. Your other monitoring tools would then pick up that lighttpd wasn't running and alert an admin for an immediate fix. Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: lighttpd always binds to IPv6 on TCP port 80
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Adam, On 29.09.2011 07:25, Adam Nielsen wrote: That's a fair point, and to explain my reasoning in a bit more detail, my problem is that I want to leave the Debian-specific parts of the configuration alone. At the moment there is one config file that sets everything, from Debian-specific options like log and pidfile paths to generic options like index-file names, as well as user-configurable options like listening port numbers. I get your point, but I consider every setting in /etc specific to Debian, but yet allowed and suggested to be changed by the user. Note, we don't distinguish between settings supposed to be changed by users and those considered a distribution specific detail. Of course it does not make too much sense to change things like the pidfile setup, but on the other hand, that's totally left to the user and we should support that. Also I am pretty sure, whatever we choose, some other users will disagree and fine some other partitioning more useful. My personal opinion is that it would work best splitting lighttpd.conf into a couple of files, outside the conf-available directory. One of these could be named debian.conf (or platform.conf) and contains all the log/pidfile paths and other options that should not normally change if you're doing things the Debian way, and it would be maintained by the package manager so it could potentially be updated if something specific to Debian changes. Well, you realize you still have to have something like include debian.conf in the main lighttpd.conf which would hardly be the same on all Linux distributions? Note, we do upgrade configuration files anyway. Whenever you update Lighttpd to a new version, your configuration file will be replaced by our new configuration (presuming you didn't change it). If you changed it, you are being prompted what dpkg shall do and differences are shown to you. See [1] for details on how conffiles (lighttpd.conf is such an example) are handled in Debian. At any rate, lighttpd.conf would then include these files and the conf-enabled ones so that people such as myself could simply replace the default.conf as needed, and not have to worry about keeping any of the platform-specific options up to date. So, to summarize: you want: /etc/ligttpd/lighttpd.conf: + include debian.conf + include default.conf + include_the_conf_enabled_stuff debian.conf: distribution specific settings (pidfile, user name?) default.conf: everything else [1] http://www.debian.org/doc/debian-policy/ap-pkg-conffiles.html - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOhQJhAAoJEMcrUe6dgPNt9tMP+QEBNpmeTYnKLRkGolx+Au/X sNopq1zh3HtJntArtDz4HsFnAIbal6KD+2oTYPXUJ+N8gnxo9dHA7e1tFST7bJ2p umRPwmiNfCLyF8QG5JjcNqrQY/sKXfZlCrTDlSD1zZP72vUo+5HbyW+zOJ0VlsX8 RLkLLcSuFzf4Tf2NHNzpb6XUgyhCOZPj3ChKdsd/H8XTzmldMV5DKHJy6xtzM/ma XZE/a/QakPVz4EoYHXuwwxVUUwFA0J9a1TPy6SoblU6hSL1jqAqBvzODVswU0XBo NtdU0WZ6weGFO5WHERRaTjkiMm7QpWY9aujmT7ZlJ9fkYQqQtZxDb8pDqhhjj2x8 TFAz+2PQI7dLUKQRUZOj1np6CKNLxFkavv2jc+FRr6wayMw9n0klTk3pCT17n9Ky 9x1C3UQK3Exhn6pSe7Q11iK+y1ALBX/xBk51KLOkiTHOcYa3illaWHWXwa7wL7Zf aj35OSLlWv45ZTxOWZa62Wu/J+Nx3NMiIp1LIhOh+n8gExFeixjUkmB521f/NDnE ZwNYN4vkwmXXI9BiQdsZLuZozddFnwrfs+Gl7tBsIObbEuTyEcyHZKppgcq8aADw xN/Ct+CdjJ9A4A0cXPqtYwpzf3r6USFUNg80QDAQsG9En827f3QHePZ/yxcyTLSb JUtck1IqIG37v5l9Qmyt =ViA9 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: lighttpd always binds to IPv6 on TCP port 80
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Adam, On 25.09.2011 02:23, Adam Nielsen wrote: Thanks for the quick reply! That would be fine - removing a symlink is no problem, as it doesn't require touching anything else. I discussed your bug report with Olaf and we came to the conclusion that having core settings like server and socket setup in conf-available/-enabled is the wrong approach. This setup is merely for module setup and configuration for our own and other package maintainer's modules. We just can't move out every single bit of possible configuration to such separate files, especially not core settings. Where should that end? Especially since IPv6 is/was a Squeeze release goal and has thus to be enabled anyway. I see your point is legit for your personal use case, but I'm sorry, we just can't satisfy everyone with our default configuration and configuration files are there to be changed by the user. This is why we are especially careful when changing them in Debian. Do you have another idea how we could meet both of our point of views: yours and ours (note: Lighttpd has no machine readable/writable configuration file, e.g. like Postfix)? - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOg2PBAAoJEMcrUe6dgPNtgd0P/1vX6EUS7dXb1+SUFQZ/9T3t qNMy7D5f07iXZwMPrH+dUVgpQ2GD6ppAsoRK+uWURVKk4fiNwt/FjeRa2LzOFZlM EBmqd/j5JJHFnyDGKhR+JglW8qZ9U7pY+E+/b7QaHE6opyXQ69m+PgXaaXLNHpeB mDpMaHjiHv6RoDmGx9ygYDXfaK/kRrkf22UTsmgbdwjKPqFX9ugcM6Q6rAKVhw/j CWHmen/6DFFv/jUHFOzDWyeXsldcjzHYSOCKRQ2jr+o+KIt4CTYJAN8f+G6tzarG tj1exES2Ip74vTxQ2yl83Wz0rQeQck+PHftMHCUONcHImswo7cBlJPrmf2UdF4lg nbaKRZ1L1ZrruFU/p47eNAipSZuQef2gs7+39HQkcZfy0cSwTXafDIyOt60bK10A v5H5R5Tpwrm/8ZW74zusZXi4Vd7pKcPNNVnLHLqaNH6hnmCGsIFruYIKeaqmd9II XQTaFEzrCFjbT5slJ1GKb/dB5p3GsXTd5UpHOsrkkplz2GZL5Q17OfAVi98qTBfG bfdEIwYwwwcjgaqXqGRxYYcHlInrnBCRq1bzckn4PS+/4W/NxqAgodyQmH5r6Zgd HQgow4aOBJL4s/Q8jVZweI9dOaNTAfDnqEvUxSHw55awEmfzRFup6mDwgXbMQKs8 amWp1aoX81782nfkLVpC =i4Dt -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: lighttpd always binds to IPv6 on TCP port 80
I discussed your bug report with Olaf and we came to the conclusion that having core settings like server and socket setup in conf-available/-enabled is the wrong approach. This setup is merely for module setup and configuration for our own and other package maintainer's modules. We just can't move out every single bit of possible configuration to such separate files, especially not core settings. Where should that end? Especially since IPv6 is/was a Squeeze release goal and has thus to be enabled anyway. That's a fair point, and to explain my reasoning in a bit more detail, my problem is that I want to leave the Debian-specific parts of the configuration alone. At the moment there is one config file that sets everything, from Debian-specific options like log and pidfile paths to generic options like index-file names, as well as user-configurable options like listening port numbers. The problem is then when someone wants to change a non-Debian option (like the IPv6 port) in a tool like Puppet which works at the file-level, they are required to duplicate all the Debian-specific options in their config repo as well because they're in the file you want to overwrite. Since Puppet is designed to work with different distributions, ideally you only want to include configuration options common to all distros - things like pidfile paths should be left to the package manager. My personal opinion is that it would work best splitting lighttpd.conf into a couple of files, outside the conf-available directory. One of these could be named debian.conf (or platform.conf) and contains all the log/pidfile paths and other options that should not normally change if you're doing things the Debian way, and it would be maintained by the package manager so it could potentially be updated if something specific to Debian changes. The rest of the options could go into default.conf which would include IPv6 support and be similar to the example config that ships with other packages. It would be nice if some of these options (like index-file, which changes rarely) was split out into core.conf, but then of course you're back debating what's core and what's user-configurable. At any rate, lighttpd.conf would then include these files and the conf-enabled ones so that people such as myself could simply replace the default.conf as needed, and not have to worry about keeping any of the platform-specific options up to date. Do you have another idea how we could meet both of our point of views: yours and ours (note: Lighttpd has no machine readable/writable configuration file, e.g. like Postfix)? I think the debian.conf approach would be a small enough change that it could work. Certainly it would solve my problem. Hopefully you don't find the idea too repulsive :-) Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: lighttpd always binds to IPv6 on TCP port 80
Package: lighttpd Version: 1.4.28-2 lighttpd ships with a line in the default config which calls /usr/share/lighttpd/use-ipv6.pl, the idea being to bind to port 80 on any IPv6 interface, if present. Unfortunately this has two drawbacks: 1) You are forced to have IPv6 on, even when server.use-ipv6 is set to disabled 2) You are forced to listen on port 80 on the IPv6 interface, whether you want to or not (for the record I don't want to, as squid is listening there instead) Having to edit lighttpd.conf to remove that one line is a problem for those of us using an automated configuration tool like Puppet, as it means we have to duplicate the default config file in our repos, minus this one line. Could I please request that this line be moved into its own script in /etc/lighttpd/conf-available/ instead, so that enabling or disabling IPv6 support can be toggled on and off with a symlink, like the other options? This way the default config file would not have to be altered to change IPv6 options. Many thanks, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: lighttpd always binds to IPv6 on TCP port 80
On Sat, Sep 24, 2011 at 1:29 PM, Adam Nielsen a.niel...@shikadi.net wrote: 1) You are forced to have IPv6 on, even when server.use-ipv6 is set to disabled server.use-ipv6 is deprecated (and might be broken) 2) You are forced to listen on port 80 on the IPv6 interface, whether you want to or not (for the record I don't want to, as squid is listening there instead) Having to edit lighttpd.conf to remove that one line is a problem for those of us using an automated configuration tool like Puppet, as it means we have to duplicate the default config file in our repos, minus this one line. Could I please request that this line be moved into its own script in /etc/lighttpd/conf-available/ instead, so that enabling or disabling IPv6 support can be toggled on and off with a symlink, like the other options? This way the default config file would not have to be altered to change IPv6 options. Moving it into conf-available would be ok, but it'd still need to be enabled by default. Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#642604: [pkg-lighttpd] Bug#642604: lighttpd always binds to IPv6 on TCP port 80
Could I please request that this line be moved into its own script in /etc/lighttpd/conf-available/ instead, so that enabling or disabling IPv6 support can be toggled on and off with a symlink, like the other options? This way the default config file would not have to be altered to change IPv6 options. Moving it into conf-available would be ok, but it'd still need to be enabled by default. Thanks for the quick reply! That would be fine - removing a symlink is no problem, as it doesn't require touching anything else. Cheers, Adam. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
