diff options
Diffstat (limited to 'doc/plugins/generators/hostbase.txt')
| -rw-r--r-- | doc/plugins/generators/hostbase.txt | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/doc/plugins/generators/hostbase.txt b/doc/plugins/generators/hostbase.txt new file mode 100644 index 000000000..4b85fecd0 --- /dev/null +++ b/doc/plugins/generators/hostbase.txt @@ -0,0 +1,174 @@ +.. -*- mode: rst -*- + +======== +Hostbase +======== + +IP management system built on top of Bcfg2. It has four main parts: a django data model, a web frontend, command-line utilities, and a Bcfg2 plugin that generates dhcp, dns, and yp configuration files. + +Installation +============ + +Overview +-------- + +Installation of Hostbase requires installation of a python module, configuration of database (mysql or postgres), and configuration of an Apache webserver with mod_python. Hostbase was developed using MySQL, so this document is aimed at MySQL users. + +Prerequisites +------------- + + * mysql + * python-mysqldb + * [http://www.djangoproject.com Django] 0.95 or greater + +Install +------- + +'''Install Hostbase python module:''' + +As of Bcfg2 v0.8.7; the Hostbase module has been renamed Bcfg2.Server.Hostbase, and is automatically installed; there is nothing to do in this step. + +'''Configure the database''' + +Create the hostbase database and a user. For MySQL users:: + + mysql> CREATE DATABASE hostbase + mysql> quit + + systemprompt#: mysql -u root hostbase + mysql> GRANT ALL PRIVILEGES ON *.* TO hostbaseuser@mycomputer.private.net IDENTIFIED + BY 'password' WITH GRANT OPTION; + mysql> quit + +As of Bcfg2 v0.8.7 configuration options for Hostbase have moved to {{{/etc/bcfg2.conf}}}. There is an example bcfg2.conf with Hostbase options located at {{{bcfg2-tarball/examples/bcfg2.confHostbase}}}. Edit the hostbase options to correspond to the database you've initialized and copy the configuration to {{{/etc/bcfg2.conf}}}. To finish creating the database, from your {{{path to python/Bcfg2/Server/Hostbase}}} directory, run {{{python manage.py syncdb}}} to do all table creation. + +'''Configure the web interface''' + +Now it's possible to explore the Hostbase web interface. For curiosity, you can run Django's built-in development server to take a peek. Do this by running {{{python manage.py runserver [servername:port]}}} from your Hostbase directory. Django will default to {{{localhost:8000}}} if no server or port is entered. Now you can explore the web interface. Try adding a host and a zone. You'll see that a ".rev" zone already exists. This is where information for reverse files will go. + +For production, you'll want to have this configured for Apache with mod_python. Here is an example of how to configure Hostbase as a virtual host. + +.. code-block:: html + + <VirtualHost hostbase.mcs.anl.gov:80> + ServerAdmin systems@mcs.anl.gov + + DocumentRoot /var/www/hostbase/ + <Directory /> + AllowOverride None + </Directory> + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + ServerSignature Off + + # Stop TRACE/TRACK vulnerability + <IfModule mod_rewrite.c> + RewriteEngine on + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) + RewriteRule .* - [F] + </IfModule> + + Redirect / https://hostbase.mcs.anl.gov/ + </VirtualHost> + + <VirtualHost hostbase.mcs.anl.gov:443> + ServerAdmin systems@mcs.anl.gov + + DocumentRoot /var/www/hostbase/ + <Directory /> + AllowOverride None + </Directory> + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + ServerSignature Off + + # Stop TRACE/TRACK vulnerability + <IfModule mod_rewrite.c> + RewriteEngine on + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) + RewriteRule .* - [F] + </IfModule> + + SSLEngine On + SSLCertificateFile /etc/apache2/ssl/hostbase_server.crt + SSLCertificateKeyfile /etc/apache2/ssl/hostbase_server.key + + <Location "/"> + SetHandler python-program + PythonHandler django.core.handlers.modpython + SetEnv DJANGO_SETTINGS_MODULE Bcfg2.Server.Hostbase.settings + PythonDebug On + </Location> + <Location "/site_media/"> + SetHandler None + </Location> + </VirtualHost> + + +You'll need to copy the contents of {{{Hostbase/media}}} into {{{/var/www/hostbase/site_media}}} in this configuration to serve the correct css files. + +'''Enable the Hostbase plugin''' + +Now that the database is accessible and there is some data in it, you can enable the Hostbase plugin on your bcfg2 server to start generating some configuration files. All that needs to be done is to add {{{Hostbase}}} to the end of the list of generators in your bcfg2.conf file. To see what's being generated by Hostbase, fire up a bcfg2 development server: {{{bcfg2-info}}}. For more information on how to use the bcfg2 development server, type help at the prompt. For our purposes, type {{{debug}}}. This will bring you to an interactive python prompt where you can access bcfg's core data. + +.. code-block:: python + + for each in bcore.plugins['Hostbase'].filedata: + print each + + +The above loop will print out the name of each file that was generated by Hostbase. You can see the contents of any of these by typing {{{print bcore.plugins['Hostbase'].filedata[filename]}}}. + +'''Create a bundle''' + +Bcfg2 needs a way to distribute the files generated by Hostbase. We'll do this with a bundle. In bcfg's {{{Bundler}}} directory, touch {{{hostbase.xml}}}. + +.. code-block:: xml + + <Bundle name='hostbase' version='0.1'> + <Package name='dhcp3-server'/> + <Package name='bind9'/> + <Service name='dhcp3-server'/> + <Service name='bind9'/> + <ConfigFile name='/etc/dhcp3/dhcpd.conf'/> + <ConfigFile name='/etc/bind/[your domain]'/> + <ConfigFile name='/etc/bind/xxx.xxx.xxx.rev'/> + </Bundle> + +The above example is a bundle that will deliver both dhcp and dns files. This can be trivially split into separate bundles. It is planned that Hostbase will eventually be able to generate the list of {{{ConfigFiles}}} in its bundles automatically. + + +'''Do a Hostbase push''' + +You'll want to be able to trigger the Hostbase plugin to rebuild it's config files and push them out when data has been modified in the database. This can be done through and XMLRPC function available from the Bcfg2 server. From a client that is configured to receive one or more hostbase bundles, you'll need to first edit your {{{python/site-packages/Bcfg2/Client/Proxy.py}}} file. Add {{{'Hostbase.rebuildState'}}} to the list of methods in the bcfg2 client proxy object. The modified list is shown below: + +.. code-block:: python + + class bcfg2(ComponentProxy): + '''bcfg2 client code''' + name = 'bcfg2' + methods = ['AssertProfile', 'GetConfig', 'GetProbes', 'RecvProbeData', 'RecvStats', 'Hostbase.rebuildState'] + +Now copy the file {{{hostbasepush.py}}} from {{{bcfg2/tools}}} in the bcfg2 source to your machine. When this command is run as root, it triggers the Hostbase to rebuild it's files, then runs the bcfg2 client on your local machine to grab the new configs. + + +Authentication +============== + +Edit Django settings +-------------------- + +Django allows for custom authentication backends to its login procedure. Hostbase has an NIS authentication backend that verifies a user to be in the unix group allowed to modify Hostbase. + +To enable this feature: + * first edit your {{{Hostbase/settings.py}}} file and uncomment the line {{{'Hostbase.backends.NISBackend',}}} in the list of {{{AUTHENTICATION_BACKENDS}}} + * enter the name of the unix group you want to give access to Hostbase in the {{{AUTHORIZED_GROUP}}} variable + * in your {{{Hostbase/hostbase/views.py}}} file at the very bottom, uncomment the block(s) of lines that give you the desired level of access + +Hostbase will now direct the user to a login page if he or she is not authorized to view a certain page. Users should log in with their regular Unix username and password. |