Igor Wawrzyniak wrote:
I work for a small Internet provider. I'm getting tired of entering the same information in many places (e.g., new client's IP into DHCP, DNS and /etc/ethers). I'd like to have a system which automates such tasks (OK, I've got a few scripts, but that's not enough). I have a few ideas - could you comment them?
No problem...
This is what I use. Only limited by programming skills (and time to code) ;-). We use two replicating mysql servers, some perl scripts (configuration agents for apache), and a web interface in PHP. This came with an extra bonus - as I store the custoer's id in most tables, I built a customer self-service portal on top of what I had in only a few hours :-). We also use freeradius, postfix, courier-imap and mydns, which authenticate/read their data directly from mysql, so we only need to generate apache's config files. Apache virtual host accounting is done through a perl script parsing mod_watch's output, so there's no need to parse those n GB of access_log every night... Works like a charm, but is non-free (since my boss was paying me, eventually).Idea 1) Write a system which keeps the hosts information (and in future - user information) in some kind of a database (file, MySQL or LDAP, probably I'll choose MySQL) and generates configuration files. Advantages: easy to implement. Disadvantages: limited use.
Seems I have done (2) in mysql, and I don't regret it. IMHO there's too much relational data in such a system to implement it with a LDAP backend. After all, mysql has replication, too.Idea 2) Install a full-blown ISP managemant system, probably based on LDAP - for example the one described here: http://www.tldp.org/linuxfocus/English/September2000/article173.shtml Advantages: it fully automates many mundane tasks, scales very well, has a web interface that can be used by not-so-technical personnel. Disadvantages: hard to implement, such a complicated system can screw up the system in more ways then I can imagine, security hole in this system could cause a total breakdown. Or maybe there's another system I can use? Preferably something modular, so that I can LDAPize some things (it doesn't really need to be LDAP, but I feel it is the future) and keep good old config files for other stuff? Maybe it'll be better to write my own system (Idea 1), but with scalability in mind - that way I will know what it does and it will minimize the risk of screwing the system up? Best regards
Thomas