I'm actually working on this problem right now. I'm making a web interface to allow users to do administrative tasks. And, if I may say so myself, I've had some good ideas.
The best is, write your web app and your privileged run-as-root server as completely separate applications. Have them communicate by a very simple protocol. I use YAML. Then your privileged app doesn't need to handle the chaos of the internet and HTTP, it only has to handle your very well defined, specific instructions. Everything else it can ignore. Then the web app simply becomes an instrument to convert HTTP to your simple instruction set. You can test your privileged server with a simple client. You can write a library to talk to your privileged server. It's awesome.
For the web app, I'm using Catalyst for the 1st time, and it's really as good as they say. Use it and kick yourself for anything web you've done that wasn't Catalyst. It's so easy to add a feature here or there. You never really know what you're building until you've built it, so being able to add stuff along the way is huge.Don't start with a list of features and try to make them all work. Make the most minimal useful thing you can, publish it and then add features. This has many benefits. One benefit I hadn't thought of until I saw it is, you get to send out a nice message to your bosses every week or so announcing a cool new feature, so they're always thinking how awesome you are.
I've presently got 4 instances running on two servers. Two development and two production. The two servers are very different and I've written my code to work equally on both. No customization. I test in the two development instances and then roll out to the two production instances.
I started with a server that can authenticate users and show them how much web space they've used. I've just added authentication against a bunch of new sources and the ability for other IT staff to check the quotas of other people. After talking to users, I'm adding a new feature so lab staff (I work at a college) can check the enrollment and fee payment of students. That's going to take me about a day. And it's gong to make a lot of grumpy people a lot less grumpy. And it's so easy to add features! I just add the capability to my privilged server, test, roll out. Add interface to web app, test, roll out. Email bosses, bask, repeat.
I think I'm babbling... anyway, hope that's helpful.
--Pileofrogs
In reply to Re: Building a web-based system administration interface in Perl
by pileofrogs
in thread Building a web-based system administration interface in Perl
by wazoox
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |