Product SiteDocumentation Site

9.4. 管理员界面

在各种情况下,使用图形界面进行管理都很有趣。管理员不必了解所有服务的配置信息,不用翻阅文档。因此,用图形界面进行管理可以加速服务的部署过程。也能简化那些比较难的服务设置过程。
此类界面只是辅助,它自身并不解决问题。在各种情况下,管理员必须控制它,以便理解并处理各种潜在的问题。
界面不会完美的,总有其他的解决方案。不过,应尽量避免使用多种解决方案,因为不同的工具彼此间不见得兼容。即使宣称极有弹性且以单一模式使用配置档,不见得能够集成所有的外部改变。

9.4.1. Browser-based Administration: cockpit

Cockpit is a web-based graphical interface. It is secured by HTTPS by default and can be used with your own trusted certificates. It allows an administrator to access not only data and basic administration functions, but also a terminal to run commands directly on the target system. The interface is provided in form of multiple packages which provide module-like functionality. For example, cockpit-pcp provides functionality to log and access resource usage statistics. It is important to know that the cockpit-networkmanager should not be installed if network-manager is not installed either. Some of the modules provide network services, and it should be carefully checked if they should really be accessible by the public.

9.4.2. 通过网页接口管理:webmin

毋庸置疑,这是最成功的管理界面。它是透过网络浏览器的模块化系统,覆盖了广泛的领域和工具。而且,它是国际化的并且可以在多种语言中使用。
Webmin 面板

图 9.5. Webmin 面板

Sadly, webmin is no longer part of Debian. Its Debian maintainer removed the packages created because they no longer had the time required to maintain them at an acceptable quality level. Nobody has officially taken over, so Debian does not provide the webmin package.
There is, however, an unofficial package distributed on the webmin.com website. Contrary to the original Debian packages, this package is monolithic; all of its configuration modules are installed and activated by default, even if the corresponding service is not installed on the machine. Users should be aware that webmin had its fair share of vulnerabilities. It should therefore be kept up-to-date, and additional measurements might be in order for public systems using it.
Webmin 通过 web 界面访问,不需要安装 Apache 网络服务器。该软件集成了它自己的微型网络服务器。默认监听10000 端口,等待安全 HTTP 连接。
包括大量服务模块,其中包括:
  • all base services: creation of users and groups, management of crontab files, service scripts/files, viewing of logs, etc.
  • bind:DNS 服务配置(域名服务);
  • postfix:SMTP 服务配置(电子邮件);
  • network services: configuration of the xinetd super-server;
  • disk quota: user quota management;
  • dhcpd:DHCP 服务配置;
  • proftpd:FTP 服务配置;
  • samba:Samba 文件服务配置;
  • sodtware:从Debian 安装或者移除软件报和系统更新。
管理界面可以通过在网络浏览器中输入地址 https://localhost:10000。注意!不是所有的模块都是直接可用的。有些必须通过指定相应的配置文件和可执行文件(程序)。如果未能启动请求的模块,系统往往会给出提示。

9.4.3. 用于管理配置的软件包: debconf

Many packages are automatically configured after asking a few questions during installation through the Debconf tool. These packages can be reconfigured by running dpkg-reconfigure -plevel package.
对于大多数情况,设置很简单;只改变配置文件中的几个重要变量。常常把这些变量放在两个分隔行内,重新配置只会影响其内的数据。其他情况下,如果脚本探测到手动更改了配置文件,为了保留这些人为编辑,重新配置什么也不做(因为脚本不能确定它的修改不会弄乱已有的设置)。