On 02/03/2017 04:06 AM, Andrew Mason wrote:
> Hi All,
> I have been listening to Alan Pope plugging snaps for a while now on the LUP
> podcast and decided to try it out by installing a popular snap on a remote VM.

Hey, thanks for giving it a shot!

> 1. This particular snap was a collection of used a combination of Apache httpd
> + MySQL and a few other utilities.
>
> I presume that if I wanted to use something like nginx instead of apache and
> MariaDB instead of mysql I would need to rebuild the snap my self ? Is the
> source / build instructions (.yml file?) available in some form that I can
> access?

Yeah this really depends on the snap. Indeed, if the snap in question
embeds these things, unless the snap itself supports swapping things out
somehow, your best path may be to rebuild the snap yourself using the
components you desire. Whether or not you can do this also depends on
the snap, e.g. it may not be open source. Figuring that out and/or
finding the snap sources is a bit of a challenge right now since nothing
shows you that information[1].

> 2. This snap in particular seemed to be configured to listen on the IP address
> of machine it was running on. As this was deployed in Azure the VM is deployed
> with a private 10.x IP address and sits behind a foobarqux.cloudapp.net so it
> was not possible to visit the IP address directly; I ended up using an SSH
> tunnel to address this, but conceptually if I wanted to change a configuration
> element like this, what is the correct way to do so ?

That would also be up to the snap in question. snapd supports a
configure hook[2] that the snap can implement to support such things,
but implementing that hook (and what exactly can be changed with it) is
still up to the snap. The snap could also expose such functionality with
its own app, if the developer chose to do so.

> 3. Say a bunch of people want their own instance of this snappified service.
> How are / should additional instances handled from an installation perspective
> ?
>
> Also how would multiple instances be configured with regards to TCP port
> access ?

I'm not 100% sure I understand this question. Snaps aren't per-user
(they're installed system-wide), so if you're asking how multiple users
on the same machine would install this snap, the answer is "they
wouldn't" I suppose. Please clarify this question if I didn't answer it.

> 4. There was some attempt by the package to install a Let's encrypt
> certificate however that failed due (possibly) to the aforementioned IP
> address issue..
>
> Is there any provision to be able to execute certain parts of the post-install
> / pre-install scripts like there is with a debian package ? i.e -reconfigure
>
> Assuming I am able to get a certificate manually...e.g I have an EV cert for
> the domain; how would I go about installing the Certificate into my new snap.
>
> I understand they are mounted images but from my understanding these are read
> only. Do I just mount -o remount,rw ?

I'm afraid not. They're not only mounted read-only, they're squashfs
images which by definition ARE read-only. You cannot write to them.
However, if the snap in question is fetching certs from Let's Encrypt,
it's not writing to the snap either-- it must be placing those in a
writable area (e.g. /var/snap/<snapname>/current/). I see no reason why
you can't do the same with your certs, but again: the snap in question
must support this. For example, the Nextcloud snap in stable only
supports generating self-signed certificates or fetching certificates
from Let's Encrypt, but the one in candidate has support for adding
custom ones.

> 5. Prior to the installation of the aforementioned snap, I used UFW to add a
> firewall restricting access to all but the SSH port.
>
> After installing this snap it did not seem to automatically open a port. Is
> this the correct behaviour ? If I am building a snap of my own application how
> would I go about informing the user that this additional task is necessary ?
> Can I prompt them to perform this action ?

Unless the snap has firewall access (available as an interface), it
won't have permission to touch it. So no, in most cases, the snap will
not automatically open a port in your firewall. This is a good thing, in
my opinion! If you're building a snap of your own application, I assume
this would be in its documentation (either online or available as a
--help option).

> If you have made it this far I really appreciate that you have taken the time
> to consider the questions and any answers would be greatly valued.

Thanks for reaching out! I hope I helped-- please ask for clarification
where that isn't the case.

[1]: https://bugs.launchpad.net/snappy/+bug/1624829
[2]: https://github.com/snapcore/snapd/wiki/hooks#configure

--
Kyle Fazzari (kyrofa)
Software Engineer
Canonical Ltd.
k...@canonical.com
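Added example, not part of the original message and not any particular snap's code: a sketch of a configure hook of the kind referenced in [2], covering the listen-address and custom-certificate cases from questions 2 and 4. The option names `listen-address`, `port` and `cert-path`, the file `listen.conf` and the loopback default are assumptions; `snapctl get` and `$SNAP_DATA` are provided by snapd to hooks.

```shell
#!/bin/sh
# Hypothetical configure hook (meta/hooks/configure in the built snap), run on
# e.g. `snap set <snapname> port=8443`. Option names and listen.conf are assumed.

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# A custom certificate ($1) must be an existing file inside the snap's
# writable area ($2); the squashfs image itself cannot be written to.
cert_in_writable_area() {
    case "$1" in *..*) return 1 ;; esac
    case "$1" in "$2"/*) [ -f "$1" ] ;; *) return 1 ;; esac
}

# Validate the options and write them to <data dir>/listen.conf atomically.
# A non-zero exit from the hook makes snapd reject the `snap set`.
apply_config() {
    addr=$1 port=$2 cert=$3 data=$4
    valid_ipv4 "$addr" || { echo "invalid listen-address: $addr" >&2; return 1; }
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    if [ -n "$cert" ] && ! cert_in_writable_area "$cert" "$data"; then
        echo "cert-path must be a file under $data" >&2; return 1
    fi
    printf 'listen=%s:%s\ncert=%s\n' "$addr" "$port" "$cert" > "$data/listen.conf.tmp" &&
        mv "$data/listen.conf.tmp" "$data/listen.conf"
}

# Only act when run by snapd as a hook; default to loopback if unset (assumed).
if command -v snapctl >/dev/null 2>&1 && [ -n "${SNAP_DATA:-}" ]; then
    addr=$(snapctl get listen-address); port=$(snapctl get port)
    apply_config "${addr:-127.0.0.1}" "${port:-8443}" \
        "$(snapctl get cert-path)" "$SNAP_DATA" || exit 1
fi
```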