Skip to content. | Skip to navigation

Sections
Personal tools
You are here: Home News & views 4 out of 5 developers agree: XML configuration is teh fail

Posted Oct 20, 2008

4 out of 5 developers agree: XML configuration is teh fail

by Erik Rose
— filed under:

XML is not like violence: if it isn’t working, the answer is not to use more.

4 out of 5 developers agree: XML configuration is teh fail

“Configure this!” thinks Erik Rose.

“XML is the wrong language for configuration files. It sucks. Don’t pretend that this isn’t true. It’s ugly, intimidating for non-techies, and error-prone.”

John DeRosa is right. WebLion spends much of its time teaching Plone, and the above aptly reflects the experience of our learners—and, for that matter, our developers. The various XML dialects used in Plone are more verbose, less documented, harder to write, and harder to read than straight Python, and every audience I contact seems to agree. At a recent user group meeting, I brought up an old-style Install.py briefly (and even somewhat ashamedly), and the audience of XML-trained recent adopters stopped me and peppered me with questions about how I managed to do all my installation and uninstallation so simply!

More languages are bad

I'm all for domain-specific languages when they deliver clear wins, but that is not what we have in Plone right now. Here's how these extra languages are hurting us:

  • Adding languages adds to the burden on new users. ZCML and the other dialects in places like viewlets.xml and skins.xml are each another new language you have to learn to do Plone. They are used nowhere else in the world, so 0% of Zope inductees know them already, and any knowledge they gain is unportable. We already require them to learn TAL, METAL, and lots of disorganized API—along with HTML, CSS, and JavaScript—so we should be darn careful of making the load any heavier.
  • Adding languages duplicates functionality. For example, take this repetition. This sort of thing happens all the time because ZCML has no looping construct. That might sound a little "out there" until you consider that it has already grown an "if" statement. Bizarre? Just wait a few iterations, and we'll have a pretty serviceable language in terms of flow control, except that it'll be useful only for configuring Zope sites, more verbose, less documented, and swallowed up inside a more mature language that should have kept doing the job in the first place.
  • GenericSetup is no more declarative than Python install procedures. It's a snapshotting system that's been Frankensteined into an installation one. Indeed, many of the above demerits could be excused if GS delivered a true declarative installation system. We could have uninstall for free, and it could be lingually impossible to commit the kind of screwups possible in manual install procedures. Instead, we have an imperative list of instructions just as before, except with more punctuation and thus arguably more opportunity for error. GenericSetup executes its instructions mindlessly and serially, just like Python, and if you make a mistake in your uninstall profile, you get a broken Plone site, just as before.

4 out of 5 developers agree

This underground consensus is growing. In my XML-provoked anger, I tossed some comments into #plone the other day expecting a quick rebuff, but what I got was a cascade of hearty agreement (reformatted so you don't go insane):

  1. sm: ErikRose, your cause is just! I for one am with you! *sings a valorous song*
  2. trollfot backs ErikRose.

  3. ErikRose: I find both [viewlets.xml and GenericSetup] equally difficult. I don't even differentiate.

    james4765: oh good, it's not just me :P

  4. sixstring: +1 to ErikRose's cause.
  5. claytron, our number five, was a little reticent, observing that it's a nightmare to register a portlet in Python. I agree, and that very API nightmarishness is one of the main things we need to fix.

What to do?

  • Use convention over configuration wherever possible. Lennart Regebro and friends have done some great work toward this with five.grok. Let's support them!

  • For the remaining configuration, let's do it in Python. It's one of the easiest to learn languages out there, and WebLion's beginners pick it up faster than GS XML. It's mature, has all the constructs we're likely to need, and, because the rest of the system is in Python, we won't be throwing up any big, brick walls that discourage refactoring.

    For this to work, our API must excel (which it should anyway). There's been a disquieting trend to just throw more abstraction layers atop ugly APIs in the Zope world, and that has to stop—it leaves us with endless layers of cruft no one understands, incomprehensible tracebacks and weekend-long pdb sessions, and duplication of code (do you hear me, MembershipTool?). In addition, our functions should be very difficult to call incorrectly: when somebody screws up, we need to throw errors ASAP. For example, let's stay away from functions you can call a million different ways. Overloading functions doesn't go well in Python, since you need a pile of hard-to-read, error-prone branching logic at the top to infer what the caller was thinking.

  • STOP WRITING SO MUCH CODE! ZopeSkel is all well and good, but I'd like to see it all but killed by good APIs. Those pages of boilerplate that DIYPloneStyle used to generate? They should be made unnecessary by fixing Plone's APIs or else moved wholesale into Plone so they can be maintained OnceAndOnlyOnce. Folks can call them from their install procedures, which can be trimmed to a sliver of their former girth.

    The above API fixes will also further this goal. We need to mercilessly redesign parts of the API that make doing the right thing prohibitively verbose. Needing to do this sort of thing to uninstall a simple skin is inexcusable.

  • Once we have an excellent API, we can, as a bonus, design a proper declarative config language on top of it. This language should never be shown to the user and could better be classed a mere format: there should be tools for manipulating it (big green button?), perhaps repurposing the good work that's gone into GS snapshot-taking. Ideally, this format would be scarcely about state manipulation and almost entirely about layers of desires, each product telling the system how it would like things and the system brokering conflicts. On uninstall, a product's layers would be pulled out of the stack and simply stop taking effect. Uninstall profiles would be necessary for only the strangest of cases.
  • It should have a pony.

What we need now is some proofs of concept to show that these admittedly ambitious goals are attainable. I'll race you to the repository!

Document Actions

No!

Posted by Anonymous User at Oct 21, 2008 08:12 AM

I can certainly understand that people are frustrated by poorly docmented languages, but it would a big mistake to perform configuration in Python. A fully-fledged programming language is not place to store configuration settings, much like the ZODB is a bad place to persist settings that are not reflected elsewhere (e.g. in GenericSetup). We've been there with Install.py and it's a mess. Developers end up copying boilerplate they don't understand, or writing code that's too clever by half.

Configuration should be dumb, system-parsable and easy to understand. If ZCML grew a looping construct, it'd be a disaster. If we dropped GS, we'd be back in the dark ages. (though many of the GS files should be better documented, I agree)

That said, I'm a big fan of the Grok-based convention-over-configuration for registering components. Components are code constructs, not configuration. Wiring of components does not need to be externalised (though the override of default wiring should still be externalisable), and reducing the number of files a developer needs to use for a given task is a worthy goal.

Martin

Disagree

Posted by Anonymous User at Oct 21, 2008 11:31 AM

Python as a configuration language doesn't mean that you must have a full-bore Python package as the configuration!

In 99.99999999% of the time, you would use simple Python assignment statements, comments, and lists. Look at Django's settings.py file for an example of this.

"Configuration" is the defining of constants, i.e., the loading of values into constants, which configure the framework. These are, and should be, just assignment statements:

# Define the location of static media STATIC_MEDIA = "/martin/local/media"

In rare, repeat rare, occasions, you might need to define a function to figure something out for configuration purposes. But, (a) we would all agree that if you need to do that, there's something way too complicated with your configuration, and you should stop and simplify things, and (b) IF this is really necessary, wouldn't it be great to have Python right there, so you can do it?

"Dumb, system-parsable, and easy to understand": That's Python! That's variable = value. That's variable = [value1, value2, value3]. It's simpler, easier, and less error prone than an XML dialect.

I also agree wholeheartedly with convention over configuration.

John DeRosa

Formatting oops

Posted by Anonymous User at Oct 21, 2008 11:32 AM

Those two lines of code were merged into a paragraph. Don't know how to force a line break in comments here, so...:

# Define the location of static media

STATIC_MEDIA = "/martin/local/media"

Maybe!

Posted by Erik Rose at Oct 21, 2008 03:24 PM
Actually, I think we basically agree, Martin. The trouble is that GS isn't really configuration at all: it's imperative instructions, and if you're going to have those, you might as well have them in a programming language so you can do proper OnceAndOnlyOnce. However, I want to fix the root problem and replace GS with something declarative. The replacement would be a storage format, not a human-facing language, so that would fit your philosophy.

That said, there are distinct OnceAndOnlyOnce advantages to be had by expressing even declarative-in-spirit configuration in a programming language. For example, in hostsettings.py (https://weblion.psu.edu/[…]/hostsettings.py#L20), _apache2Url is used as part of both svnUrl and tracUrl, but no information is repeated. An even deeper example would see kerberosRealm pulled from the system's krb5.conf so it isn't repeated twice on the system. That can easily be done in a general-purpose language but would be impossible in, say, an ini file. Pieces of config that don't need that sort of complexity remain simple, and pieces that do become possible.

Btw, thanks for letting us pick your brain during the sprints last week; I'm excited to start playing around with capability-based things in FacultyStaffDirectory!

—Erik

Wrong logic

Posted by Anonymous User at Oct 22, 2008 08:32 AM

"A fully-fledged programming language is not place to store configuration setting"

Making configuration so complicated that it requires a full programming language is a bad idea. This does not imply that using a (subset of) a programming language for simple configuration is a bad idea.

Just m2c, Joerg

+1

Posted by Anonymous User at Oct 22, 2008 09:52 AM

You said it much better than I did!

John DeRosa

O yes

Posted by Anonymous User at Oct 21, 2008 05:28 PM

I completely agree with this title. I don't like ZCML myself too.

“Configuration” is a programming task

Posted by Erik Rose at Nov 11, 2008 12:15 AM
In his critique of Zope 3 (http://www.z3lab.org/[…]/2006_09_23_times-they-changin), Jean-Marc Orliaguet makes one more point I forgot: I’ve heard claims that ZCML is meant to be a simpler language, encouraging non-programmers to do configuration. (As to whether it's simpler, you can make up your own mind.) Orliaguet writes…

“The idea with ZCML is to move the configuration part of the application away from the Python code. So in order to reconfigure a component one would not change the existing application.

“Technically this is true. Practically however, one is required to understand how the code works in order to modify a ZCML configuration file, so this only adds an extra indirection compared to modifying the existing Python code directly.”

Since “configuration” in the component-wiring sense is so closely coupled to the code, we should keep it as lexically close as possible.

ZOPE

Posted by Anonymous User at Nov 21, 2008 10:49 AM

May bee zope must be more simple...

Not a ZCML / XML fan

Posted by Catherine Williams at Mar 23, 2009 04:17 PM
As an "integrator" and site manager responsible for developing theme and policy products, I'd much rather be doing everything in Python than in poorly documented, confusingly inconsistent ZCML and XML.

Plone Complexity

Posted by Don Williams at Apr 18, 2009 12:08 AM
I agree 100% with Erik. After recently going through the hell of trying to migrate a Plone 2.5 site to Plone3, and encountering broken applications, no longer supported functionality etc. etc., I was about to fire off a broadside to the Plone 4 team along the following lines:

1. If this were a "commercial" software application with these sorts of migration problems, the company developing it
   would quickly go out of business.

2. As stated above, there should be a consistent API across versions of Plone so that already developed products/sites
   do not break when upgrading, no matter what the changes in the engine room.

3. One of the things that attracted me to Plone was that, through ArchgenXML, it supported, for people like myself who
   wished to get applications running, not learn more software languages, using a modeling tool to define the
   application and then automatically generate the code. This appealed to me as someone who had been involved with CASE
   tools for nearly 25 years.

   It now appears that much of this is going to be thrown away in Plone 4 for yet another hackers delight, Coral:


   http://www.openplans.org/projects/genesis/project-home

   http://mde.abo.fi/confluence/display/CRL/Home

   I think they are missing the point. Until there is a consistent API into Plone, any type of modeling/code generator
   project is going to be continually chasing functionality that is added or discarded in the core Plone product.

   If this goes ahead, existing applications applications built using Poseidon or Argo, will have to be rebuilt in
   another modeling environment, with no advantage to the developer, or to the end user.

   I think I now understand why so many products developed for earlier versions of Plone have not been maintained - the
   workload is simply too high for people who are part timers at this. Plone is becoming more and more a hackers
   heaven, too close to the code, and too much a nightmare for people like myself, and I suspect lots of others, who
   would like to use Plone and it's add-on products as the basis to build products/sites with specific additional
   functionality without having to delve into the bowels of the underlying code or learn multiple additional languages,
   and also only do this once for any particular additional product or site.

   The site I developed additional functionality for is at: http://www.franktraynors.au.com

   It is a project to document the history of a folk and jazz music club in Melbourne Australia in the 1960's, but
   could be easily be adopted for any history project.

Regards,
Don Williams (don at bogong-tech.com.au)


Need help now?

Immediate assistance is available during university work hours:

News & views…
Posted Oct 13, 2009 Portlets gone wild with ContentWellPortlets 2.0.1 This new release adds the ability to add portlets to the footer area. It also has 6 portlet managers per area. This means 20 total portlet managers including the 2 on the sides that ship with plone.
Posted Sep 17, 2009 Plone 4 – An interview with Zope News Jan Ulrich Hasecke interviews me for Zope News.
Posted Aug 31, 2009 Web Services API for Plone Alpha 3 Release Details the release of the wsapi4plone.core package and the plans for future releases. The final report of the AtomPub for Plone Google Summer of Code project.
Posted Aug 28, 2009 Content editing and creation in Plone is faster with archetypes.schematuning Some bench marks of content editing and creation in Plone with and without archetypes.schematuning installed.
More news & views…