Re: Automated solutions for a small ISP
Igor Wawrzyniak wrote:
I work for a small Internet provider. I'm getting tired of
entering the same information in many places (e.g., new client's
IP into DHCP, DNS and /etc/ethers). I'd like to have a system
which automates such tasks (OK, I've got a few scripts, but that's
not enough). I have a few ideas - could you comment them?
This is what I use. Only limited by programming skills (and time to
code) ;-). We use two replicating mysql servers, some perl scripts
(configuration agents for apache), and a web interface in PHP. This came
with an extra bonus - as I store the custoer's id in most tables, I
built a customer self-service portal on top of what I had in only a few
hours :-). We also use freeradius, postfix, courier-imap and mydns,
which authenticate/read their data directly from mysql, so we only need
to generate apache's config files. Apache virtual host accounting is
done through a perl script parsing mod_watch's output, so there's no
need to parse those n GB of access_log every night... Works like a
charm, but is non-free (since my boss was paying me, eventually).
Idea 1) Write a system which keeps the hosts information (and in
future - user information) in some kind of a database (file, MySQL
or LDAP, probably I'll choose MySQL) and generates configuration
files. Advantages: easy to implement. Disadvantages: limited use.
Seems I have done (2) in mysql, and I don't regret it. IMHO there's too
much relational data in such a system to implement it with a LDAP
backend. After all, mysql has replication, too.
Idea 2) Install a full-blown ISP managemant system, probably based on
LDAP - for example the one described here:
Advantages: it fully automates many mundane tasks, scales very
well, has a web interface that can be used by not-so-technical
personnel. Disadvantages: hard to implement, such a complicated
system can screw up the system in more ways then I can imagine,
security hole in this system could cause a total breakdown.
Or maybe there's another system I can use? Preferably something
modular, so that I can LDAPize some things (it doesn't really need
to be LDAP, but I feel it is the future) and keep good old
config files for other stuff? Maybe it'll be better to write
my own system (Idea 1), but with scalability in mind - that way
I will know what it does and it will minimize the risk of screwing
the system up?