I had separate chats with people about MDB yesterday, originally about how we’re going to fix a potential security problem with Bongo, but went into a wider-ranging discussion about MDB. For those who don’t know, MDB is the LDAP-like API we use to store virtually all configuration.
There are a couple of issues with our code base right now:
- The mdb.conf is world-readable, which is the security problem. This is necessitated by the current Dragonfly setup, which runs in the Apache process;
- Ideally, we want full configuration access from Hawkeye (the new web admin tool), also in a secure manner;
- Making MDB schema changes etc. is hard, and we don’t really have an upgrade strategy in place;
- Bongo was designed to be able to run in a clustered fashion – e.g., having IMAP run on a separate server to the store – but, at the moment, there are a number of hard-codings which make this virtually impossible. The main one being, the list of agents in bongo-manager is hardcoded;
- The above fact also makes it difficult to see how we could integrate third-party agents easily, which is sad.
It feels to me that we’re on something of a sticky wicket with MDB (translations into colloquial English involve creeks and paddles, I’m given to understand).
There are a number of ways that we can think about solving the problems above in isolation, but the more I think about it, the more I think MDB is hamstringing us. The world involved in solving each individually also seems to be less than the work of a more complete solution. MDB was always something we were planning on getting rid of in the long term, but that was going to be a post-1.0 story.
I’m not going to put forward any potential solutions at this point, because this needs thinking about. In an ideal world, I would punt as much of this as possible: e.g., clustering isn’t a feature I would be sad about dropping from 1.0. However, I also don’t want to see us applying big band-aids: if we built Hawkeye over existing MDB, we’re basically doing work we’d end up throwing away later anyway, or at least rewrite majorly.
This needs a lot of thought 🙂