Posted by u/wawawawaz 2 years ago
Ask HN: Building a Linux Appliance. Ideas for config management and automation?
Hi All

Can I ask for a sanity check please?

I have built a Linux Appliance. It is delivered via CI/CD as an ISO or AMI, and autoinstalls with a simple guided menu-driven workflow and then does "security type stuff". It runs a few services on network traffic and sends results elsewhere. Consider it a "data collector" used for security investigation.

It's pretty dumb: It does one thing only. It's an appliance. The end-user has no access to the console or shell.

The menu system allows the end-user to change certain key parameters (interface related, ntp server etc), stop and start services and get stats on what's going on. All of this is done in bash - for example changing /etc/network/interfaces files and restarting internal services to change IP details.

However, the menu system is a bit of a mess. It's written in shell.

If you wanted to re-factor this, what would your approach be?

I would like to:

  - Rewrite the menu system in a more appropriate language (Python or Go)
  - The menu should output a config file (which would therefore allow appliance cloning, back-up and restore etc).
  - That simple config file should be parsed and applied to the system by an additional service.

So:

  - Python for the menu system
  - This writes a YAML based config
  - A separate Python service converts the simple appliance config into appropriate config for an automation framework
  - Let the automation framework do the heavy lifting - Salt or Ansible.

This way I can use the automation framework to do the difficult and fiddly parts of Linux configuration and only need to worry about the commands.

Does this make sense?

techjuice · 2 years ago
Sounds like you have found some initial implementation problems that you have potential solutions for. The most important thing would be how secure your appliance is and how secure things are when someone does get shell access.

Is all input validated and all output sanitized? Is the software continuously kept updated? Are you keeping up with regulations and security protocols required by the countries that your appliance is used in? Are you offering enterprise support contracts to pay for the added work of maintenance per customer?
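As an added illustration of both the pipeline the original poster sketches (menu writes a small YAML file, a separate service turns it into automation-framework input) and the "is all input validated" question raised in the comment above, here is an example config service written for this thread. It is not the poster's code or anyone's product: the config keys (interface, address, gateway, ntp_servers), the Ansible variable names it emits, and the tiny flat-YAML loader (standing in for yaml.safe_load so the script has no dependencies) are all assumptions. The point it makes is that the menu's output should be treated as untrusted input: every value is checked against an allow-list shape before anything is rendered, so a value such as an interface name carrying shell metacharacters is rejected rather than passed into a template or a command.

```python
"""Validate an appliance YAML config and translate it into Ansible variables.
Example written for this thread; keys, variable names and the loader are
assumptions, not the poster's design or any project's code."""
import ipaddress
import json
import re

# Allow-list patterns: only these shapes are accepted, so a value can never
# carry shell metacharacters or newlines into a template or a command.
IFACE_RE = re.compile(r"^[a-z][a-z0-9]{0,14}$")
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def load_simple_yaml(text):
    """Loader for the flat subset used here: 'key: scalar' lines and 'key:'
    followed by '  - item' lines. A real service would call yaml.safe_load."""
    data, current_list = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line.startswith("  - "):
            if current_list is None:
                raise ValueError(f"list item outside a list: {raw!r}")
            current_list.append(line[4:].strip())
            continue
        key, sep, value = line.partition(":")
        if not sep or line[0].isspace():
            raise ValueError(f"cannot parse line: {raw!r}")
        key, value = key.strip(), value.strip()
        if value:
            data[key], current_list = value, None
        else:
            data[key] = current_list = []
    return data


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def validate(cfg):
    """Return a list of error strings; empty means the config may be applied."""
    errors = []
    for key in cfg:
        if key not in {"interface", "address", "gateway", "ntp_servers"}:
            errors.append(f"unknown key {key!r}")
    if not IFACE_RE.match(str(cfg.get("interface", ""))):
        errors.append("interface must be a short lowercase name such as eth0")
    net = None
    try:
        net = ipaddress.ip_interface(str(cfg.get("address", "")))
    except ValueError:
        errors.append("address must be an IP with prefix, e.g. 192.0.2.10/24")
    try:
        gw = ipaddress.ip_address(str(cfg.get("gateway", "")))
        if net is not None and gw not in net.network:
            errors.append("gateway is not inside the address's subnet")
    except ValueError:
        errors.append("gateway must be a plain IP address")
    servers = cfg.get("ntp_servers")
    if not isinstance(servers, list) or not servers:
        errors.append("ntp_servers must be a non-empty list")
    else:
        for s in servers:
            if not (_is_ip(s) or HOSTNAME_RE.match(s)):
                errors.append(f"ntp server {s!r} is neither an IP nor a hostname")
    return errors


def to_ansible_vars(cfg):
    """Translate a validated config into variables for an assumed Ansible role.
    Refuses to emit anything when validation fails."""
    errors = validate(cfg)
    if errors:
        raise ValueError("; ".join(errors))
    addr = ipaddress.ip_interface(cfg["address"])
    return {
        "appliance_iface": cfg["interface"],
        "appliance_ip": str(addr.ip),
        "appliance_netmask": str(addr.netmask),
        "appliance_gateway": cfg["gateway"],
        "appliance_ntp_servers": list(cfg["ntp_servers"]),
    }


# Constructed sample configs: one the menu might legitimately write, and one
# whose values would be unsafe if pasted unchecked into a shell command or an
# /etc/network/interfaces template (also a gateway outside the subnet).
GOOD_CONFIG = """\
interface: eth0
address: 192.0.2.10/24
gateway: 192.0.2.1
ntp_servers:
  - 192.0.2.20
  - time.example.net
"""
BAD_CONFIG = """\
interface: eth0; id
address: 192.0.2.10/24
gateway: 198.51.100.1
ntp_servers:
  - $(uname)
"""

if __name__ == "__main__":
    print(json.dumps(to_ansible_vars(load_simple_yaml(GOOD_CONFIG)), indent=2))
    print(validate(load_simple_yaml(BAD_CONFIG)))
```

The JSON the script prints is valid YAML, so it can be dropped straight into host_vars or passed as extra-vars; the menu itself never touches /etc/network/interfaces, and the config service never emits a file unless every field passed the allow-list check.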