From 9f4633fcbd0e2d86e9b7e4fce07cb1b69aa48a35 Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Sat, 13 Jun 2026 11:25:58 +0000 Subject: [PATCH] 0473 docs: split nwwebui ssl offload from nwadmin plugins --- AI.md | 28 ++++++------ REDESIGN.md | 25 +++++++---- TODO.md | 2 +- doc/NWADMIN_CLIENT_PLAN.md | 88 ++++++++++++++++++++++++++++++++------ doc/README.md | 3 +- 5 files changed, 108 insertions(+), 38 deletions(-) diff --git a/AI.md b/AI.md index e068b75..ee2e08a 100644 --- a/AI.md +++ b/AI.md @@ -47,7 +47,7 @@ unfinished work out of `TODO.md` merely because its architecture is documented. Latest patch marker expected in an up-to-date bundle: -- `0472 docs: record nwwebui auth lifecycle and dependency rules` +- `0473 docs: split nwwebui ssl offload from nwadmin plugins` When a later chat receives a new `mars-nwe-master` bundle, compare `git log -1` with this marker. If the uploaded bundle already contains this commit subject, @@ -67,21 +67,23 @@ The active line is expected to include: Last generated patch: -- `0472 docs: record nwwebui auth lifecycle and dependency rules` +- `0473 docs: split nwwebui ssl offload from nwadmin plugins` Purpose of that patch: -- Clarify that `nwwebui` and `nwserv` have separate lifecycles: a file-server - restart must not restart the web UI as a side effect. -- Make 3.x `nwwebui` login prefer bindery/server authentication over localhost - NCP or explicit control authentication, with PAM as fallback only. For later - 4.x/directory work, use `libnwds` or matching server-side directory - authentication first, with PAM still only fallback. -- Keep `nwwebui` management operations behind the portable admin API over - localhost NCP or explicit control IPC, not direct local storage libraries. -- Record the dependency direction for a future SMArT replacement: replace local - ad-hoc socket/HTTP/TLS helpers with bundled `libowfat` helpers where suitable - and MatrixSSL/`libnwssl` for HTTPS/TLS. +- Clarify the SMArT replacement split: `nwwebui` is the small HTTP/HTTPS/TLS + offloader, session and static-asset frontend, while `nwadmin` is the backend + management process. +- Put web/config plugin dispatch in `nwadmin`, not in `nwwebui`; plugins declare + IDs, titles, icon IDs, navigation sections, required capabilities and command + handlers so web and future desktop frontends can share one admin vocabulary. +- Keep the visual direction iManager/ConsoleOne-inspired with open-source or + project-owned icons shared between web and desktop frontends; do not copy + proprietary Novell assets. +- Record service lifecycle rules: `nwserv` or a service manager may restart + backend services such as `nwadmin`, `nwconn`, NCP, directory, FTP/WebDAV/NFS + modules individually, but `nwwebui` should keep running unless explicitly + restarted. Directory/NDS work order before any FLAIM storage conversion: diff --git a/REDESIGN.md b/REDESIGN.md index 43f082a..637a601 100644 --- a/REDESIGN.md +++ b/REDESIGN.md @@ -2578,15 +2578,22 @@ Terminal UI, toolbox and curses replacement plan: evaluated later, but they must not become required dependencies for the common admin client library or server daemons. - A server-local web admin frontend may eventually replace the old SMArT role, - but it must be a separately supervised process from `nwserv`. Restarting the - file server must not restart the web UI as a side effect. `nwwebui` owns - HTTP/HTTPS, TLS, sessions and static assets; it should authenticate primarily - through bindery/server authentication for the 3.x path, later through the - directory/`libnwds` path for 4.x, and use PAM only as a fallback. Socket and - HTTP helper work should prefer bundled `libowfat`, and HTTPS/TLS should use the - MatrixSSL/`libnwssl` project TLS path instead of another local implementation. - Management actions should still go through the portable admin API over - localhost NCP or an explicit control IPC, not through local storage libraries. + but it must be split into a small `nwwebui` frontend and an `nwadmin` backend. + `nwwebui` owns HTTP/HTTPS, TLS offload, sessions and static assets, and should + stay alive while server services restart. `nwadmin` owns web/config plugin + dispatch and calls the portable admin API over localhost NCP or explicit + control IPC. The `nwwebui`-to-`nwadmin` boundary should be an explicit local + IPC socket/protocol, replacing the old SMArT-style subprocess stdout/console + scraping model. Restarting `nwserv` as the file-server service family may restart + backend services such as `nwadmin`, `nwconn`, NCP, directory, FTP or later + service daemons individually, but it must not restart `nwwebui` unless the web + frontend itself was explicitly requested. Authentication is bindery/server + auth first for 3.x, later directory/`libnwds` auth first for 4.x, and PAM only + fallback. Socket and HTTP helper work should prefer bundled `libowfat`, and + HTTPS/TLS should use the MatrixSSL/`libnwssl` project TLS path instead of + another local implementation. Web and desktop admin frontends should share an + open-source or project-owned icon catalog and iManager/ConsoleOne-inspired + navigation language without copying proprietary Novell assets. - Production daemons must not depend on the TUI stack or on administrator GUI toolkits. - See `doc/TUI_TOOLBOX_PLAN.md` for the detailed UI/toolbox plan, diff --git a/TODO.md b/TODO.md index 89e1119..6252d17 100644 --- a/TODO.md +++ b/TODO.md @@ -115,7 +115,7 @@ may remain active. | Additional File Server Environment 4.x monitor/admin selectors | later / guarded | Implement only when a concrete admin tool or compatibility test requires it. | | Remote `nwadmin` 3.x client roadmap | 3.x | open | Audit `mars-nweadmin` workflows and define a portable NCP-based admin client API. Linux should investigate ncpfs behind a transport adapter; macOS and Windows backends remain open until the 3.x NCP needs are known. Do not link the admin GUI directly to local server libraries. | | Remote admin GUI frontend | later / guarded | open | A GUI may use Lazarus LCL/FreePascal or another cross-platform toolkit, but only after the portable admin client API has a console/CTest frontend. Keep first-pass dependencies small; Cross.Codebot/TMS WEB Core/uniGUI-style stacks are later evaluations, not required dependencies. Directory/ConsoleOne-like features come later after the directory stack is ready. | -| Server-local nwwebui admin frontend | later / guarded | open | Allow `nwwebui` to grow into a SMArT replacement as a separately supervised process from `nwserv`. It should own HTTP/HTTPS/TLS/session handling, use bindery/server authentication first for 3.x, later directory/`libnwds` authentication for 4.x, keep PAM as fallback only, use bundled `libowfat` for socket/helper work where suitable, use MatrixSSL/`libnwssl` for TLS, and call the same portable admin API over localhost NCP or explicit IPC instead of local storage libraries. | +| Server-local nwwebui/nwadmin admin frontend | later / guarded | open | Replace the old SMArT role with a split design: `nwwebui` is the small HTTP/HTTPS/TLS/session/static frontend and SSL offloader; `nwadmin` is the backend process that owns web/config plugins and calls the portable admin API. Keep bindery/server authentication first for 3.x, later directory/`libnwds` authentication first for 4.x, PAM fallback only, `libowfat` for socket/helper work where suitable, and MatrixSSL/`libnwssl` for TLS. `nwserv` or a service manager may restart backend services such as `nwadmin`, `nwconn`, NCP, directory, FTP/WebDAV/NFS service modules individually, but must not restart `nwwebui` as a side effect. Replace SMArT-style subprocess console-output coupling with an explicit local IPC socket between `nwwebui` and `nwadmin`. | | NDS/NCP Fragger and related 4.x infrastructure | later / guarded | Keep out of default runtime until transport/client scope is explicit. | | TimeSync and NCP Extension families | later / guarded | Reference/stub only unless a real 3.x/4.x client path requires them. | | Migration, compression, data migration and later OES/MOAB-style selectors | reference-only | Study reusable data models only; do not add default live endpoints during the 3.x push. | diff --git a/doc/NWADMIN_CLIENT_PLAN.md b/doc/NWADMIN_CLIENT_PLAN.md index d12faad..7d6c0bb 100644 --- a/doc/NWADMIN_CLIENT_PLAN.md +++ b/doc/NWADMIN_CLIENT_PLAN.md @@ -93,16 +93,26 @@ common admin client library. Preferred shape: ```text -service manager - -> starts/supervises nwserv +service manager / nwserv supervisor role + -> starts/supervises nwserv service family + -> nwserv / ncpserv / nwconn / nwdirectory / nwftp / ... -> starts/supervises nwwebui independently when configured - -> owns HTTP/HTTPS, TLS, sessions and static assets - -> delegates login to mars-nwe server authentication - -> calls the same admin client API used by nwadmin - -> localhost/server NCP transport or explicit server-control IPC - -> mars-nwe server + -> owns HTTP/HTTPS, TLS offload, sessions and static assets only + -> forwards authenticated web-admin requests to nwadmin + -> owns web/config plugin dispatch and admin operation routing + -> calls the portable admin API + -> localhost/server NCP transport or explicit server-control IPC + -> mars-nwe service being managed ``` +In this shape `nwwebui` is deliberately small. It is the stable web listener +and SSL offloader that can remain alive while server services restart. +`nwadmin` is the management process behind it. Web modules, configuration +modules and later service-specific extensions belong to `nwadmin`, not to the +TLS/HTTP frontend. The connection between both processes should be an explicit +local IPC socket/protocol, not the old SMArT-style subprocess stdout/console +scraping model. + `nwwebui` may reuse the existing SMArT-derived web service direction as a feature reference, but new implementation work should replace local ad-hoc socket, HTTP and TLS helpers with the project's normal bundled dependencies. Socket and @@ -120,8 +130,10 @@ should switch to the directory service path through `libnwds` or the equivalent server-side directory authentication API, with PAM still only a fallback. Management operations should move behind the same portable admin API used by -console and GUI frontends. The web UI must not call local storage libraries such -as `libnwdirectory`, `libnwflaim`, or private storage internals directly. +console and GUI frontends. `nwwebui` should forward to the `nwadmin` process, +and `nwadmin` should perform the plugin dispatch and admin API calls. Neither +process may call local storage libraries such as `libnwdirectory`, `libnwflaim`, +or private storage internals directly to manage a running server. For the first server-local web UI, prefer simple generated HTML, small static assets and normal forms. Avoid making a large single-page-application framework @@ -137,6 +149,45 @@ refresh its server session after the server comes back. Restarting `nwwebui` should be an explicit web-admin/service-manager action, not a side effect of restarting the file server. +## Shared visual language and plugins + +The web and desktop admin frontends should share the same visual vocabulary. +Use an open-source icon set or project-owned icons, but keep a common icon ID +catalog so the desktop UI and web UI show the same symbols for users, groups, +volumes, trustees, server status, restart actions and later directory objects. +Do not copy proprietary Novell artwork; use an iManager/ConsoleOne-inspired +layout and project-owned assets. + +`nwadmin`, not `nwwebui`, owns the plugin system. A first plugin interface can +be simple and static: each plugin declares an ID, title, icon ID, navigation +section, required server capability, and command handlers for read-only views or +configuration changes. Later plugins can cover optional services such as NFS, +FTP, WebDAV, directory/schema tools, certificate management or other server +modules. The same plugin metadata should drive both the web navigation tree and +a future desktop/client navigation tree. + +The split keeps dependencies small: + +```text +nwwebui + -> HTTP/HTTPS/TLS/session/static frontend + -> local IPC socket client/server boundary to nwadmin + +nwadmin + -> plugin registry + -> web/config module dispatch + -> portable admin API / server-control client +``` + +When `nwserv` gains service-management awareness, it may support targeted +restarts such as restarting only `nwadmin`, only `nwconn`, only the NCP server, +only the directory server, only `nwftp`, or another optional service. Restarting +`nwserv` as the file-server service family may restart managed backend services, +including `nwadmin`, but it should not restart `nwwebui` unless the web frontend +itself was explicitly requested. If `nwadmin` is restarted, `nwwebui` should +keep the listener and sessions alive, reconnect to the IPC socket when the +backend comes back, and show a temporary backend unavailable notice meanwhile. + ## Work order 1. Audit `mars-nweadmin` workflows for the 3.x feature set: users, passwords, @@ -147,9 +198,9 @@ restarting the file server. behind the transport adapter. 4. Add a console/CLI test frontend so CTest can exercise the client API without a GUI. -5. Add a simple server-local `nwwebui` admin frontend only after the API is - stable enough to keep SMArT-style HTTP/HTTPS/login handling separate from - management operations. +5. Add a simple server-local `nwwebui` plus `nwadmin` pair only after the API is + stable enough: `nwwebui` handles HTTP/HTTPS/TLS/session/static frontend work, + while `nwadmin` owns plugin dispatch and management operations. 6. Add a desktop GUI frontend only after the admin client API and transport behaviour are stable and the toolkit choice does not force large dependencies into the common/server side. @@ -177,5 +228,14 @@ restarting the file server. authentication is primary for 3.x; later directory authentication through `libnwds` or the matching server-side directory API is primary for 4.x; PAM is fallback only. -- Do not make `nwserv` restarts restart `nwwebui` as a side effect. Treat them - as separately supervised processes so the web UI can survive a server restart. +- Do not make `nwserv` restarts restart `nwwebui` as a side effect. Treat the + web frontend as separately supervised so it can survive server-service + restarts. `nwserv` or a service manager may restart backend services such as + `nwadmin`, `nwconn`, NCP, directory, FTP or other optional daemons + individually, but `nwwebui` restarts must remain explicit. +- Do not put the web/config plugin system into `nwwebui`. Keep `nwwebui` as + the HTTP/HTTPS/TLS/session/static frontend and put plugin dispatch into the + `nwadmin` backend process. +- Replace the old SMArT-style subprocess/console-output coupling with an + explicit local IPC socket between `nwwebui` and `nwadmin`, with reconnect and + backend-unavailable handling in the frontend. diff --git a/doc/README.md b/doc/README.md index cfe4887..187590f 100644 --- a/doc/README.md +++ b/doc/README.md @@ -34,7 +34,8 @@ directory small and put new material into topic subdirectories. - `DIRECTORY_STACK_PLAN.md` - nwdirectory/libnwdirectory/libnwds layering, flatfile-first LDAP CTest plan and later FLAIM storage-backend swap. - `NWADMIN_CLIENT_PLAN.md` - remote NCP-based administrator client roadmap, - `mars-nweadmin` portability audit notes and future cross-platform GUI plan. + `mars-nweadmin` portability audit notes, future cross-platform GUI plan and + split `nwwebui`/`nwadmin` web-admin/plugin architecture. ## Layout rule