Difference between revisions of "Alpine Configuration Framework Design"

From Alpine Linux
(This was really out of date. Tried to match current SVN.)
Line 93: Line 93:
 
|}
 
|}
 
* Edit global settings
 
* Edit global settings
* Edit subnets
+
* Create/Edit/Delete subnets and hosts
* Generate config-files
+
* View leases
  
=== Firewall ===
+
=== DNS ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''tinydns'''.
 +
|}
 +
* View current DNS configuration/information
 +
* Create/Edit/Delete domain files
 +
* Per user and per role permissions
 +
 
 +
=== DNScache ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''dnscache'''.
 +
|}
 +
* Edit configuration
 +
* Edit allowed clients
 +
* Create/Edit/Delete DNS server entries
 +
 
 +
=== DNSmasq ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''dnsmasq'''.
 +
|}
 +
* Edit configuration
 +
* View leases
 +
* View logfile
 +
 
 +
=== Chrony ===
 
{|
 
{|
 
| '''Status:''' || Ready for betatest
 
| '''Status:''' || Ready for betatest
 
|-
 
|-
| '''Summary:''' || Configure '''shorewall'''.
+
| '''Summary:''' || Configure '''chrony'''.
 
|}
 
|}
* Show program status
+
* Edit configuration
* Guided configuration
+
* View logfile
* Expert configuration
 
* Show logfile
 
  
 
=== NTPD ===
 
=== NTPD ===
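Review bot: in the added TCPproxy section, the bullet "Create/Edit/Delete STMP Proxy entries and files" appears to transpose the protocol name; suggest "SMTP Proxy entries and files" so the module list names the protocol correctly.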
Line 113: Line 141:
 
| '''Summary:''' || Configure timeserver '''openntpd'''.
 
| '''Summary:''' || Configure timeserver '''openntpd'''.
 
|}
 
|}
* Show program status
+
* Edit configuration
* Guided configuration
+
* View logfile
* Expert configuration
+
 
* Show logfile
+
=== SSH ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''openssh'''.
 +
|}
 +
* View connections
 +
* Edit configuration
 +
* Edit authorized keys
 +
 
 +
=== Fetchmail ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''fetchmail'''.
 +
|}
 +
* Edit global settings
 +
* Create/Edit/Delete mailbox/domain entries
 +
 
 +
=== Samba ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''samba'''.
 +
|}
 +
* Edit configuration
 +
* Create/Edit/Delete shares
 +
* Join domain
 +
 
 +
=== TCPproxy ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''tcpproxy'''.
 +
|}
 +
* Edit configuration
 +
* Create/Edit/Delete STMP Proxy entries and files
 +
 
 +
=== Firewall ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''shorewall'''.
 +
|}
 +
* Edit configuration
 +
* View logfile
  
 
=== OpenVPN ===
 
=== OpenVPN ===
 
{|
 
{|
| '''Status:''' || Ready for alphatest
+
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Configure '''openvpn'''.
 +
|}
 +
* Create/Edit/Delete configs
 +
* View logfile
 +
 
 +
=== IPsec ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 
|-
 
|-
| '''Summary:''' || Configure timeserver '''openntpd'''.
+
| '''Summary:''' || Configure '''ipsec-tools'''.
 
|}
 
|}
* Show available configs
+
* Edit configuration
* Show config-details
+
* Upload/View/Delete certificates
* Guided configuration '''ToDo'''
+
* View logfile
* Edit config in expert mode
 
* Show certificate information '''ToDo'''
 
* Show logfile
 
  
=== DNS ===
+
=== IPtables ===
 
{|
 
{|
| '''Status:''' || [[Work in progress]]
+
| '''Status:''' || Ready for betatest
 
|-
 
|-
| '''Summary:''' || Configure '''tinydns'''.
+
| '''Summary:''' || Configure '''iptables'''.
 +
|}
 +
* Edit configuration (rules-save file)
 +
* Create/Edit/Delete chains and rules
 +
 
 +
=== NHRP ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 
|-
 
|-
| '''ToDo:''' || Caching/Hosting/for both Internet and Inside firewall nets
+
| '''Summary:''' || Configure '''opennhrp'''.
 
|}
 
|}
* View current DNS-configuration/information
+
* Edit configuration
* Edit config-files
 
  
=== Fetchmail ===
+
=== Zebra and BGP ===
 
{|
 
{|
| '''Status:''' || [[Work in progress]]
+
| '''Status:''' || Ready for betatest
 
|-
 
|-
| '''Summary:''' || '''fetchmail''' configuration/Relay host/store and forward.
+
| '''Summary:''' || Configure '''quagga'''.
 
|}
 
|}
* Show program status
+
* View routes
* Guided configuration
+
* Edit configuration
* Expert configuration
 
  
  
 
== Applications ==
 
== Applications ==
 
Application related modules
 
Application related modules
 +
 +
=== Certificate Authority ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Generate / sign certifiates using '''openssl'''.
 +
|}
 +
* Edit configuration
 +
* View/Create/Upload CA certificate
 +
* Edit certificate defaults
 +
* Generate/View/Delete/Approve requests
 +
* View/Download/Renew/Revoke certificates
 +
* Generate and download CRLs
  
 
=== Web Proxy ===
 
=== Web Proxy ===
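Review bot: in the new Certificate Authority section, the Summary row reads "Generate / sign certifiates using '''openssl'''"; "certifiates" should be "certificates". This hunk also deletes the two bullets marked '''ToDo''' (guided configuration, show certificate information) without carrying them into the ToDo section, so it is worth stating there whether they are still planned.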
Line 162: Line 259:
 
| '''Summary:''' || Configure '''squid'''.
 
| '''Summary:''' || Configure '''squid'''.
 
|}
 
|}
* Show program status
+
* Edit configuration
* Guided configuration
+
* Edit user list
 +
* Edit associated files
  
 
=== Content Filter ===
 
=== Content Filter ===
Line 171: Line 269:
 
| '''Summary:''' || Configure '''dansguardian'''.
 
| '''Summary:''' || Configure '''dansguardian'''.
 
|}
 
|}
* Show program status
+
* Edit configuration
* Guided configuration
 
  
 
=== Snort ===
 
=== Snort ===
Line 179: Line 276:
 
|-
 
|-
 
| '''Summary:''' || Configure '''snort'''.
 
| '''Summary:''' || Configure '''snort'''.
 +
|}
 +
* View alerts
 +
* Edit configuration
 +
 +
=== Gnats ===
 +
{|
 +
| '''Status:''' || ''Work in progress''
 
|-
 
|-
| '''ToDo:''' || Figure out what acf-snort needs to do more.
+
| '''Summary:''' || Configure '''gnats'''.
 
|}
 
|}
* Show program status
+
* Edit configuration
* Show alert-list
+
* Report a bug
* Expert configuration
+
* Query problem reports
  
  
Line 192: Line 296:
 
=== Interfaces ===
 
=== Interfaces ===
 
{|
 
{|
| '''Status:''' || [[Work in progress]]
+
| '''Status:''' || Ready for betatest
 
|-
 
|-
 
| '''Summary:''' || Local interface management
 
| '''Summary:''' || Local interface management
 
|}
 
|}
* Show configured interfaces
+
* Create/Edit/Delete interfaces
* Edit/delete interfaces
+
* Bring up/down interfaces and restart networking
* Add new interfaces
 
 
 
=== LBU ===
 
{|
 
| '''Status:''' || Ready for betatest
 
|-
 
| '''Summary:''' || Saves your settings to floppy/usb/other media.
 
|}
 
* Show program status
 
* Show unsaved changes
 
* Guided configuration
 
* Expert configuration
 
* Commit/Save changes to media
 
  
=== General healt ===
+
=== General health ===
 
{|
 
{|
 
| '''Status:''' || Ready for betatest
 
| '''Status:''' || Ready for betatest
Line 221: Line 312:
 
* Show storage status
 
* Show storage status
 
* Show network status
 
* Show network status
 +
* Graph network activity
 
* Show modules status
 
* Show modules status
 
* Show proc status
 
* Show proc status
 +
 +
=== User Management ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || ACF User management
 +
|}
 +
* Edit self
 +
* Create/Edit/Delete ACF users
 +
* View roles for user
 +
 +
=== Roles Management ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || ACF Roles management
 +
|}
 +
* View own permissions
 +
* Create/Edit/Delete ACF roles
 +
* View all possible permissions
 +
 +
=== Packages ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Manage system packages ('''apk-tools''')
 +
|}
 +
* View/Delete loaded packages
 +
* View/Install available packages
 +
* Edit configuration
 +
 +
=== Modules ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Manage system modules
 +
|}
 +
* View loaded modules
 +
* Edit/Reload modules file
 +
 +
=== Startup ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Manage system startup
 +
|}
 +
* View/Edit service startup sequence
 +
 +
=== Cron ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Manage periodic jobs ('''cron''')
 +
|}
 +
* Edit configuration
 +
* Create/Edit/Delete periodic jobs
  
 
=== System logging ===
 
=== System logging ===
Line 230: Line 378:
 
| '''Summary:''' || Configure '''syslog'''.
 
| '''Summary:''' || Configure '''syslog'''.
 
|}
 
|}
* Show program status
+
* Edit configuration
* Guided configuration
 
* Expert configuration
 
  
 
=== Logfiles ===
 
=== Logfiles ===
Line 238: Line 384:
 
| '''Status:''' || Ready for betatest
 
| '''Status:''' || Ready for betatest
 
|-
 
|-
| '''Summary:''' || View/Delete/Download logfiles.
+
| '''Summary:''' || Manage logfiles.
 
|}
 
|}
* Delete logfiles
+
* View/Tail/Download/Delete logfiles
* View logfiles
 
* Download logfiles
 
  
 
=== Skins ===
 
=== Skins ===
Line 248: Line 392:
 
| '''Status:''' || Ready for use
 
| '''Status:''' || Ready for use
 
|-
 
|-
| '''Summary:''' || Switch skin.
+
| '''Summary:''' || Switch ACF skin
 
|}
 
|}
* Switch skin
+
* Select ACF skin
 +
 
 +
=== Local Backups ===
 +
{|
 +
| '''Status:''' || Ready for betatest
 +
|-
 +
| '''Summary:''' || Saves your settings to floppy/usb/other media ('''lbu''').
 +
|}
 +
* Show unsaved changes
 +
* Edit configuration
 +
* Commit/Save changes to media
 +
* Select backup archives
 +
* Generate and download overlay
  
  
Line 262: Line 418:
 
| '''Summary:''' || Different information/functions related to the SVN-tree
 
| '''Summary:''' || Different information/functions related to the SVN-tree
 
|}
 
|}
* svn info (Shows overview of the svn-tree on the svn-server)
+
* svn status (Shows whats changed since last 'svn update')
 +
* svn diff (Shows difference on your computer and on svn-server)
 +
* svn log (Shows the changelog 1 week back in time)
 
* svn update (Fetch all available updates)
 
* svn update (Fetch all available updates)
* svn diff (Shows difference on your computer and on svn-server)
 
* svn status (Shows whats changed since last 'svn update')
 
* svn log (Shows the changelog 1week back in time)
 
  
  
 
== ToDo ==
 
== ToDo ==
Still not started modules.
 
  
=== Routing ===
+
=== VPN ===
This is for remote/multi box routing, bgp...etc
+
Needs to be split into an administrative end for letting people connect to you (rogue warriors,personal laptop size connectivity) and VPN connectivity to other sites (remote office or location). These two are configured differently.
  
=== VPN ===
+
Still not started modules.
Needs to be split into an administrative end for letting people connect to you(rogue warriors,personal laptop size connectivity) and VPN connectivity to other sites(remote office or location). These are to configured differently.
 
  
 
=== Dialup ===
 
=== Dialup ===
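Review bot: the sentence "Still not started modules." moves from directly under "== ToDo ==" to the end of the "=== VPN ===" section, where it reads as part of the VPN description rather than as the introduction to the whole ToDo list. Suggest keeping it as the first line under "== ToDo ==". The removed "=== Routing ===" entry could also be mentioned in the edit summary if it is now covered by the Zebra and BGP module.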
Line 282: Line 435:
  
 
=== Dialup/PPPoE ===
 
=== Dialup/PPPoE ===
Configure Dialup/PPP/PPPoE connectivity. Maybe other Internet connections that aren't ethernet-which is Interfaces
+
Configure Dialup/PPP/PPPoE connectivity. Maybe other Internet connections that aren't ethernet (handled in Interfaces).
 
 
=== Source Manager ===
 
Way to change the /etc/apk/apk.conf
 
 
 
=== Package Manager ===
 
Way to say what to upgrade-install-remove...apk_*
 
 
 
=== Password Manager ===
 
Local password changer
 
  
 
=== Diagnostic ===
 
=== Diagnostic ===
Stats/Resource use/maybe graphs-rrd
+
Stats/Resource use/maybe graphs-rrd.  Ability to run ''ping'' command.

Revision as of 14:43, 10 December 2008

Alpine Configuration Framework

The Alpine Configuration Framework (ACF) is an MVC-style application for configuring an Alpine device. The primary focus is a web interface: ACF's main goal is to be a light-weight MVC "webmin".

Why Haserl + Lua

Other competitors in the arena were Webmin, Ruby on Rails, PHP with templates.

A full Webmin (Perl), RoR or PHP implementation requires several MB of installed code and can have very slow startup times, especially when used in "cgi" mode. After evaluating many options, we found that Lua has the following advantages:

  • It is small (typically ~200KB of compiled code)
  • It compiles and runs much faster than PHP, Perl or Ruby
  • It provides a "normal" scripting language with features similar to PHP, Perl, Java, awk, etc.

Haserl + Lua provides a 'good enough' toolset to build a full-featured web application.

Why ACF is MVC

The MVC design pattern is used to separate presentation information from control logic. By MVC we mean:

  • Model - code that reads / writes a config file, starts / stops daemons, or does other work modifying the router.
  • View - code that formats data for output
  • Controller - code that glues the two together

Note the lack of words like: HTML, XML, OO, AJAX, etc. The purpose of ACF's MVC is simply to separate the configuration logic from the presentation of the output.

The flow of a single transaction is:

start -> execute requested function in controller, optionally reading/writing a file using functions in the model -> execute the view to format the output -> end

Every transaction follows this pattern. For ACF developers, the focus should be on getting a model that does a proper job of abstracting the config file into useable entities and then building a controller that presents useable "actions" based on the model. The presentation layer should be last on the priority list.
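
The transaction flow above, sketched in Lua as an added example (not code from ACF or its mvc.lua; the model, controller and view tables, the allowed-clients data and the role ranking are all hypothetical). It keeps the role check in the controller, input validation in the model, and HTML escaping confined to the view.

```lua
-- Added illustration of the start -> controller -> model -> view -> end flow.
-- NOT ACF's mvc.lua API: every name below is hypothetical.

-- Constructed sample standing in for a config file the model would read.
local config_text = "# allowed clients (constructed sample)\n127.0.0.1\n192.168.1\n"

-- MODEL: turns the file into entities and validates writes. No HTML here.
local model = {}

local function valid_prefix(s)
  local n = 0
  for octet in s:gmatch("[^.]+") do
    n = n + 1
    if not octet:match("^%d+$") or tonumber(octet) > 255 then return false end
  end
  return n >= 1 and n <= 4 and not s:find("%.%.") and not s:match("^%.") and not s:match("%.$")
end

function model.read()
  local entries = {}
  for line in config_text:gmatch("[^\n]+") do
    if not line:match("^%s*#") then entries[#entries + 1] = line end
  end
  return entries
end

function model.add(prefix)
  if not valid_prefix(prefix) then return nil, "invalid prefix" end
  config_text = config_text .. prefix .. "\n"
  return true
end

-- CONTROLLER: exposes actions, checks the caller's role, returns plain data.
local required_role = { list = "USER", add = "ADMIN" }
local rank = { USER = 1, ADMIN = 2 }

local controller = {}
function controller.dispatch(session, action, params)
  local need = required_role[action]
  if not need then return { error = "unknown action: " .. tostring(action) } end
  if (rank[session.role] or 0) < rank[need] then
    return { error = "permission denied for " .. session.user }
  end
  if action == "add" then
    local ok, err = model.add(params.prefix or "")
    if not ok then return { error = err .. ": " .. tostring(params.prefix) } end
  end
  return { clients = model.read() }
end

-- VIEW: the only place that knows about HTML; escapes everything it prints.
local function escape(s)
  return (tostring(s):gsub("[&<>\"']", {
    ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;", ['"'] = "&quot;", ["'"] = "&#39;" }))
end

local view = {}
function view.render(data)
  if data.error then return "<p class='error'>" .. escape(data.error) .. "</p>" end
  local out = { "<ul>" }
  for _, c in ipairs(data.clients) do out[#out + 1] = "<li>" .. escape(c) .. "</li>" end
  out[#out + 1] = "</ul>"
  return table.concat(out, "\n")
end

-- One transaction each: USER lists, USER is refused a write, ADMIN's bad input
-- is rejected by the model and shown escaped, ADMIN's valid write succeeds.
local foo, alpine = { user = "foo", role = "USER" }, { user = "alpine", role = "ADMIN" }
print(view.render(controller.dispatch(foo, "list", {})))
print(view.render(controller.dispatch(foo, "add", { prefix = "10.0.0" })))
print(view.render(controller.dispatch(alpine, "add", { prefix = "<b>10</b>" })))
print(view.render(controller.dispatch(alpine, "add", { prefix = "10.0.0" })))
```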

For good background information on what ACF attempts to do, please see Terence Parr's paper "Enforcing Strict Model-View Separation in Template Engines" at http://www.cs.usfcs.edu or the local copy of the pdf.

Starting ACF

The easiest way to start ACF is to run the setup-webconf script. This script will install mini-httpd, create a certificate, and start mini-httpd in HTTPS mode. WARNING - This will give anyone on the network access to your machine. The script will also install the two packages that are necessary for basic ACF: acf-core and acf-alpine-baselayout. To view ACF, simply browse to your machine (https://<hostname>/).

Alternately, you can manually install ACF and your web server. Once again, the two critical ACF packages are acf-core and acf-alpine-baselayout. The ACF packages will install to /usr/share/acf. You can configure your web server to give access to /usr/share/acf/www and run cgi scripts from /usr/share/acf/www/cgi-bin, and you should be able to view ACF.

If you would like to play with other ACF packages, we recommend you install the acf-apk-tools package. This package will allow you to install / delete other packages using ACF. You can then load any other acf-* packages you are interested in.

The two default login / password combinations are 'alpine' / 'test123' and 'foo' / 'test123'. 'alpine' is given ADMIN rights and 'foo' is given USER rights. We recommend you change your login id and password by selecting 'User Management'.

ACF Developer's Guides

  1. mvc.lua reference - mvc.lua is the core of ACF
  2. mvc.lua example - build a simple (command-line) application
  3. acf www-controller reference - ACF www application functions
  4. acf www-controller example - webify the above examples
  5. ACF_how_to_write - Step by step howto for writing acfs
  6. ACF core principles - Things that are standard across the application
  7. LPOSIX - Documentation for the Lua Posix functions
  8. ACF Libraries - Document the libraries and common functions
  9. Writing ACF Views - Guide for writing a view
  10. Writing ACF Controllers - Guide for writing a controller
  11. Writing ACF Models - Guide for writing a model

ACF Layout

ACF has support for multiple skins.
Only a few skins are available. Feel free to contribute CSS stylesheets for ACF.

Howto contribute

First download ACF using svn, or install the available ACF packages using apk_add.
The easiest way is to download the latest Alpine ISO, boot a box from it, and then run 'setup-alpine' and 'setup-webconf -a'; that way you get a running environment quickly and easily.
Some example skins are available:

  • /usr/share/acf/www/skins/ice/
  • /usr/share/acf/www/skins/snow/

Make a new skin-folder

mkdir /usr/share/acf/www/skins/myskin

Create a CSS file with the same name as the folder.

touch /usr/share/acf/www/skins/myskin/myskin.css

Now you can start editing your myskin.css.
If you have ACF running on a computer, you can browse to this ACF page, switch to your new skin (called myskin), and see the results of your changes.

Pack your myskin folder, containing your CSS file (and images, if there are any).
Send this patch to acf@lists.alpinelinux.org (Note: Don't forget to subscribe before sending your patch)

ACF Modules

Networking

Networking related modules.

DHCP server

Status: Ready for betatest
Summary: Configure isc-dhcp.
  • Edit global settings
  • Create/Edit/Delete subnets and hosts
  • View leases

DNS

Status: Ready for betatest
Summary: Configure tinydns.
  • View current DNS configuration/information
  • Create/Edit/Delete domain files
  • Per user and per role permissions

DNScache

Status: Ready for betatest
Summary: Configure dnscache.
  • Edit configuration
  • Edit allowed clients
  • Create/Edit/Delete DNS server entries

DNSmasq

Status: Ready for betatest
Summary: Configure dnsmasq.
  • Edit configuration
  • View leases
  • View logfile

Chrony

Status: Ready for betatest
Summary: Configure chrony.
  • Edit configuration
  • View logfile

NTPD

Status: Ready for betatest
Summary: Configure timeserver openntpd.
  • Edit configuration
  • View logfile

SSH

Status: Ready for betatest
Summary: Configure openssh.
  • View connections
  • Edit configuration
  • Edit authorized keys

Fetchmail

Status: Ready for betatest
Summary: Configure fetchmail.
  • Edit global settings
  • Create/Edit/Delete mailbox/domain entries

Samba

Status: Ready for betatest
Summary: Configure samba.
  • Edit configuration
  • Create/Edit/Delete shares
  • Join domain

TCPproxy

Status: Ready for betatest
Summary: Configure tcpproxy.
  • Edit configuration
  • Create/Edit/Delete SMTP Proxy entries and files

Firewall

Status: Ready for betatest
Summary: Configure shorewall.
  • Edit configuration
  • View logfile

OpenVPN

Status: Ready for betatest
Summary: Configure openvpn.
  • Create/Edit/Delete configs
  • View logfile

IPsec

Status: Ready for betatest
Summary: Configure ipsec-tools.
  • Edit configuration
  • Upload/View/Delete certificates
  • View logfile

IPtables

Status: Ready for betatest
Summary: Configure iptables.
  • Edit configuration (rules-save file)
  • Create/Edit/Delete chains and rules

NHRP

Status: Ready for betatest
Summary: Configure opennhrp.
  • Edit configuration

Zebra and BGP

Status: Ready for betatest
Summary: Configure quagga.
  • View routes
  • Edit configuration


Applications

Application related modules

Certificate Authority

Status: Ready for betatest
Summary: Generate / sign certificates using openssl.
  • Edit configuration
  • View/Create/Upload CA certificate
  • Edit certificate defaults
  • Generate/View/Delete/Approve requests
  • View/Download/Renew/Revoke certificates
  • Generate and download CRLs

Web Proxy

Status: Ready for betatest
Summary: Configure squid.
  • Edit configuration
  • Edit user list
  • Edit associated files

Content Filter

Status: Ready for betatest
Summary: Configure dansguardian.
  • Edit configuration

Snort

Status: Ready for betatest
Summary: Configure snort.
  • View alerts
  • Edit configuration

Gnats

Status: Work in progress
Summary: Configure gnats.
  • Edit configuration
  • Report a bug
  • Query problem reports


System

System/Other related modules

Interfaces

Status: Ready for betatest
Summary: Local interface management
  • Create/Edit/Delete interfaces
  • Bring up/down interfaces and restart networking

General health

Status: Ready for betatest
Summary: Show status on your running system.
  • Show system status
  • Show storage status
  • Show network status
  • Graph network activity
  • Show modules status
  • Show proc status

User Management

Status: Ready for betatest
Summary: ACF User management
  • Edit self
  • Create/Edit/Delete ACF users
  • View roles for user

Roles Management

Status: Ready for betatest
Summary: ACF Roles management
  • View own permissions
  • Create/Edit/Delete ACF roles
  • View all possible permissions

Packages

Status: Ready for betatest
Summary: Manage system packages (apk-tools)
  • View/Delete loaded packages
  • View/Install available packages
  • Edit configuration

Modules

Status: Ready for betatest
Summary: Manage system modules
  • View loaded modules
  • Edit/Reload modules file

Startup

Status: Ready for betatest
Summary: Manage system startup
  • View/Edit service startup sequence

Cron

Status: Ready for betatest
Summary: Manage periodic jobs (cron)
  • Edit configuration
  • Create/Edit/Delete periodic jobs

System logging

Status: Ready for betatest
Summary: Configure syslog.
  • Edit configuration

Logfiles

Status: Ready for betatest
Summary: Manage logfiles.
  • View/Tail/Download/Delete logfiles

Skins

Status: Ready for use
Summary: Switch ACF skin
  • Select ACF skin

Local Backups

Status: Ready for betatest
Summary: Saves your settings to floppy/usb/other media (lbu).
  • Show unsaved changes
  • Edit configuration
  • Commit/Save changes to media
  • Select backup archives
  • Generate and download overlay


DevTools

DevTools is a (set of) ACF(s) that could come in handy when developing ACF.

SVN status

Status: Ready for use
Summary: Different information/functions related to the SVN-tree
  • svn status (Shows what has changed since the last 'svn update')
  • svn diff (Shows differences between your computer and the svn-server)
  • svn log (Shows the changelog 1 week back in time)
  • svn update (Fetch all available updates)


ToDo

Still not started modules.

VPN

Needs to be split into an administrative end for letting people connect to you (rogue warriors, personal laptop size connectivity) and VPN connectivity to other sites (remote office or location). These two are configured differently.

Dialup

Start/Stop Dialup connection

Dialup/PPPoE

Configure Dialup/PPP/PPPoE connectivity. Maybe other Internet connections that aren't ethernet (handled in Interfaces).

Diagnostic

Stats/Resource use/maybe graphs-rrd. Ability to run ping command.