RFC: interface complexity level


(Filippo Carletti) #1

I’d like to write some guidelines about the level of options we want exposed on the server-manager web admin interface.
NethServer is developed with the aim to simplify the life of a sysadmin, often without high skills on linux. The server-manager has a rule that says: don’t put options that a non-linux sysadmin can’t understand. But it’s hard to find where the line between hard and intuitive options lays.
Another rules is: don’t put every possible option, but hide some of them in the db, where an expert sysadmin can find and change them easily through the shell (config setprop…).

I’d like to hear opinions of experts and newbies here.

For the curious, it started from here:


Getting started discussions
Diskspace extension and mounting ISCSI locations
Change the port of pop(s) imap(s) services
(Giacomo Sanchietti) #2

I don’t like very much the ability to change the listening port from the web interface except for few exceptions.
A good example of this exceptions can be SSH or OpenVPN (as pointed out by @stephdl (https://github.com/nethesis/nethserver-openvpn/pull/2).
Changing ports for these kind of daemon is a well-known practice.

But if we want to give this chance to the user, I don’t see any problem for non-critical services like FTP, but I’d strongly discourage for other important services (like IMAP/POP) used from many other software/clients.

Anyway, I’d like to hide the option inside an “Advanced” expandable section/div (closed by default).


Changing listening port from the web interface
Introducing new members on community - 22 Feb 16
Firewall UI for policy rules
(Davide Principi) #3

I agree with @giacomo. I’d like a perfect world where TCP/UDP services use IANA ports. :beers:

An alternative way can be adding a specific panel like “Network services” page, where the TCP/UDP port of any service can be changed. The panel should be an opt-in for “experts”.


(Stefano) #4

I totally agree with Filippo and I’m against any “pro”/“expert” panel

some (possibly/likely harmful) option must be only edited by CLI (db props and events)

I’d add that I totally disagree with advanced functions (LVM in primis) web driven


(Michele Bortolotto) #5

i like the idea of an “advanced” panel


#6

I understand your doubt @filippo_carletti… but honestly, if the nethserver must simplify life for sysadmin, changing ports from gui is a simplification to me, and if the sysadmin doesn’t know what a port is… well, maybe is not a syadmin but a “casual user”.
Without doubt nethserever could be used from the “casual users”, so i think it is fair to keep the basic configuration easy.
For example, also looking at my qnap config (that I use only for strage), I could set port for vpn/tftp/mysql/ftp/ssh and so on…

All this to say: +1 to the “advanced” panel :slight_smile:

… and sorry for my english, and tnx for nethserver :wink:


(Stéphane de Labrusse) #7

SME Server was a revolution because at the time where you needed to edit obscure configuration files you had a panel and magically you created users groups, samba shares and much more…that was great progresses.

But that’s right some settings were hidden, port number, access public/private however with the time a lot were bring to the light, either by a contrib like smeserver-service_control or by contributions to the core.

I do agree if you want, accept, decide to have some lacks in NethServer, this will be my business as contributor and at the end, all your hidden settings will be done by contributors maybe/surely without the stability because the code is not incorporated directly in the core…But be sure that all your users will use the modules that give their life easier. As you can see, you have had a need concerning the php settings, @medworthy asks for a panel and I provide one in nethserver-php-scl.

We live in a video word, where we don’t write any more, you are sysadmin, coders, developers administrators, helpdesk and you waste the most of your time in a terminal (like me), however we need much more easy settings not for us but for users less skilled or for lazzy admins :confused:

This distro is not an Ubuntu and co, the purpose is to do a server, without Xorg, you have to understand some principles of Network, Services, but aimed to be easy to take in hand with a low TCO…That’s the revolution.


(Filippo Carletti) #8

QNAP could be a good source of inspiration for me. It’s a tool for an advanced user but not a professional sysadmin, it’s renown for it’s user friendliness and it’s widely used worldwide.

I agree with all of you and I hope you agree with me that it’d hard drawing the line at the right place for every kind of user.
We could use all the options we have:

  1. user interface
  2. advanced options
  3. command line

We should teach our users to beware of the advanced panel, telling them not to touch settings there unless they know what they’re doing. At the same time, a network port should be a concept widely known and easy to understand.

I agree with @stephdl that we should evolve from SME and add more options to the server-manager (I feel that SME didn’t receive a lot of panel improvements because it’s hard to modify formmagick).


(Alessio Fattorini) #9

I moved 2 posts to an existing topic: Changing listening port from the web interface


Changing listening port from the web interface
(Alessio Fattorini) #10

In my opinion, simplicity is still powerful. One of most appreciated NethServer features is doing things easily with few clicks and few steps, so I do want this being preserved. On the other hand I understand who wants build a complex webserver also needs more advanced options since shared folders aren’t enough. Plus unfortunately, people don’t like command line. Don’t like playing with db commands, templates, etc… As a matter of fact, Qnap doesn’t ask to set advanced options by CLI :smile:
New panel with advanced options? It could work for me, additional module either (like nethserver-phpsettings)

Indeed, what do you think about highlight settings changed from default (with a reset to default button)? Discourse already do it and it’s really helpful.


(Michele Bortolotto) #11

I think that advanced options can be provided by plugins (like passwords complexity)


(Stefano) #12

If we decide to delegate to a web interface most of configuration tasks, we should avoid dangerous changes

for example:

  • no disks partition management (only info about partitions)
  • no lvm management (only info about volumes)
  • no raid management (only add disk)

nothing that could lead to data loss… no “advanced” panel, no password protection, no hint/advice/warning can stop an unexperienced user from do a mess…

the “click - click - next - next” approach has already done many victims :slight_smile:


(Jonathan Dumont) #13

I like this idea;
I have this kind of option in my FritzBox
you could choose between standard or advanced view at the bottom


(Kristian Malvander) #14

Good idea,

How about we define first how a nethserver admin looks like. I mean how does he/she operates on daily basis. After that we could define why advanced features are necessary and for what reasons an nethserver admin would need it for (Scenarios/cases) for example:

  • Why do we need advanced settings? Nethserver admin has to be able to harden the system and therefore default values has to be easily changed fast for security reasons.
  • Why do we need to manipulate storage? Nethserver admin has to be able to extend/move storage for fileserver to make the server solution easily storage scalable.

Lets try to see this from the defined admin user perspective and maybe from the potential common business needs/scenarios?


(Alessio Fattorini) #15

Like it, I want add an additional scenario:

  • what could be broken due to a misconfiguration of such advanced settings. What kind of risks?

(Kristian Malvander) #16

If misconfiguration is of essence in this discussion then maybe those settings should be protected with an extra password that is separated from the user? That would make the dashboard usable for non technical users and a technical user would have the ability to unlock those powerful advanced features to ease the daily work process (even through remote sessions to customers desktop)?

From earlier post that I belive make sense:
If there are tasks you don’t do often but they are important and have
to be done fast then you should simplify them even if you know what you
are doing. Especially if you want to achieve the same result every time
from the job then it’s perfect to have done trough the dashboard.

CLI for me is for advanced stuff when the option is not defined in
the gui. So the dashboard feature doesn’t rule out the CLI for the same
task in my opinion or vice versa.


(Davide Marini) #17

My thought is that a 2 levels interface would be best to configure many services providing simplicity for not expert people and additional tools for the advanced sysadmin allowing him to do his job faster and better, obviously that kind of interface is the most difficult to design but for many task it’s worth it.

When I say “many services” I do not mean critical things like raid configurations, disk partitions etc. but often used services (like VPNs, content filter, proxy web and so on…) where I usually would like to spend just few seconds to add a supported option rather than many minutes to :

  • verify the correct syntax of the option I want to use
  • find the correct position in the template-custom
  • check that everything is working well