configd / custom template overwrites / overlay #1934
Comments
|
What if we glob and order +TARGETS.*, it would create an arbitrary number of possible overwrites.
Normal target file first of course.
… On 17. Nov 2017, at 17:44, Ad Schellevis ***@***.***> wrote:
From time to time people ask for functionality that doesn't really fit our core system, but uses parts of the system already in place (which makes it hard/impossible to use our plugin system to extend).
A nice example of such a feature is #1882 , which most likely will not make it into our system because there's no use case for it in scenarios we support.
Other examples are complex suricata scenario's which can't be configured from the gui.
One way of dealing with this is to support overwrites on our templating system to use your own modifications, although there are downsides in doing this it could offer vendors the possibility to maintain their own version of our plugins and users the option to overwrite our defaults.
The addition I would like to propose here is an extension to the +TARGETS file, named +TARGETS.overlay, which can register new targets or overwrite the ones which are already in the normal targets. So, an example:
For squid we would like to create our custom configuration, which overwrites our defaults which are statically configured.
src/opnsense/service/templates/OPNsense/Proxy/+TARGETS.overlay
squid.conf.custom:/usr/local/etc/squid/squid.conf
And the original installed by default.
src/opnsense/service/templates/OPNsense/Proxy/+TARGETS
rc.conf.d:/etc/rc.conf.d/squid/squid
squid.conf:/usr/local/etc/squid/squid.conf
newsyslog.conf:/etc/newsyslog.conf.d/squid
The downsides are:
You can only have one overwrite per module, so two packages trying to install an overwrite will fail on install (we won't accept plugins using overwrites, for obvious reasons)
Changes on default templates won't propagate to the custom templates, so vendors do need to maintain their own templates.
I will add a commit referencing this issue later on, up for discussion.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
I don't mind adding a glob, as long as we suffix them with something that makes it obvious that it is an overwrite (to prevent accidental files from being processed, such as +TARGET.old). It might increase the possibilities a bit, but there can only be one template per described target (it can't/won't merge) |
|
It doesn‘t have to merge, we just need to make sure our normal templates in +TARGETS are first, and then we can iterate through any number of overrides. But making a safe glob pattern is hard. What if we create a +TARGETS.D directory instead? But what to ignore and what not is still a problem unless we say no file in there is ignored? |
|
a +TARGETS.D directory sounds good to me, what if we scan for files there that end on .TARGET? so one can create an overwrite for squid.conf like this:
|
|
Lots of semantics for newcomers, but sounds good to me as long as prefix of the file is only cosmetic, not functional (content stays the same) |
|
Well, the upside is this should only be used by people who know what their doing ;) Thanks for your feedback |
as discussed with @fichtner use +TARGETS.D to host the target overwrite tags
is this working as intended? it appears that squid.conf.TARGET will be read as a target and look for paths specified in it instead of being read as a template to override squid.conf located a directory above? the actual practice appears to be: and creating Based on the conversation in here and on the target overwrites page I was assuming that any matching file + '.TARGET' in the +TARGETS.D directory would override the file one directory higher but that appears to not be the case. I'm not sure what the benefits of the +TARGETS.D directory would be otherwise vs just using a file like +TARGETS.overrides that contained target overrides. |
That is indeed the intended purpose, overwrite definitions with custom ones. core/src/opnsense/service/modules/template.py Lines 90 to 93 in 88ab77f
Overwrite system defined or plugin defined configuration files with those of your own. As mentioned in the docs, handle with care as the original configuration file is likely subjected to change. If one would like to ship a custom |
|
I think my confusion is based around overriding the target vs overriding
the config file itself. Based on the documentation it makes it seem like
you can override the conf file by putting a new one in +TARGETS.D as
opposed to a generic .TARGET file with the definition for the file to be
overridden.
Overwrite system defined or plugin defined configuration files with those
of your own.
Right, I get the purpose, but what's the difference between having separate
+TARGETS.D/users.conf.TARGET and +TARGETS.D/base.conf.TARGET files vs one
single +TARGETS.D/overrides.TARGET file with definitions for base.conf and
users.conf like the +TARGETS file?
…On Tue, Dec 28, 2021, 1:30 PM Ad Schellevis ***@***.***> wrote:
@chelming <https://github.com/chelming>
the actual practice appears to be:
Inside of +TARGETS.D create a file like override.TARGET containing
...
That is indeed the intended purpose, overwrite definitions with custom
ones.
https://github.com/opnsense/core/blob/88ab77fc85ec0d06dbb9fda72da7daae88a45704/src/opnsense/service/modules/template.py#L90-L93
... I'm not sure what the benefits of the +TARGETS.D directory would be
otherwise vs just using a file like +TARGETS.overrides that contained
target overrides.
Overwrite system defined or plugin defined configuration files with those
of your own. As mentioned in the docs, handle with care as the original
configuration file is likely subjected to change. If one would like to ship
a custom squid.conf for example, you can divert the configuration output
with one of your own.
—
Reply to this email directly, view it on GitHub
<#1934 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB3DIQIGRP654A7JM4H5SQDUTH66FANCNFSM4EEHNP2Q>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
There isn't, all files are processed in order so different "vendors" can plug different files from the base target definition file. |
|
Got it, thanks. I want to try and update the documentation for people like
me who are unfamiliar with targets to add some clarity and an example of
how to override a specific file and wanted to make sure I understood what
was happening.
…On Tue, Dec 28, 2021, 2:35 PM Ad Schellevis ***@***.***> wrote:
Right, I get the purpose, but what's the difference between having separate
+TARGETS.D/users.conf.TARGET and +TARGETS.D/base.conf.TARGET files vs one
single +TARGETS.D/overrides.TARGET file with definitions for base.conf and
users.conf like the +TARGETS file?
There isn't, all files are processed in order so different "vendors" can
plug different files from the base target definition file.
—
Reply to this email directly, view it on GitHub
<#1934 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB3DIQIJIJETPZR4BXEDPITUTIGRRANCNFSM4EEHNP2Q>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
From time to time people ask for functionality that doesn't really fit our core system, but uses parts of the system already in place (which makes it hard/impossible to use our plugin system to extend).
A nice example of such a feature is #1882 , which most likely will not make it into our system because there's no use case for it in scenarios we support.
Other examples are complex suricata scenario's which can't be configured from the gui.
One way of dealing with this is to support overwrites on our templating system to use your own modifications, although there are downsides in doing this it could offer vendors the possibility to maintain their own version of our plugins and users the option to overwrite our defaults.
The addition I would like to propose here is an extension to the
+TARGETSfile, named+TARGETS.overlay, which can register new targets or overwrite the ones which are already in the normal targets. So, an example:For squid we would like to create our custom configuration, which overwrites our defaults which are statically configured.
src/opnsense/service/templates/OPNsense/Proxy/+TARGETS.overlay
squid.conf.custom:/usr/local/etc/squid/squid.confAnd the original installed by default.
src/opnsense/service/templates/OPNsense/Proxy/+TARGETS
The downsides are:
I will add a commit referencing this issue later on, up for discussion.
The text was updated successfully, but these errors were encountered: