Randy Terbush wrote: [snip] > > > > > Bingo- as a start we'd just "communicate" with apache via it's config > > files. In future, once this whole system is up and operational and > > there is perhaps a mod_monitor or mod_snmp then we can gradually fold > > this functionality into the server. To my thinking the server would > > have to be threaded before something like this could come to pass so > > first things first. But using SNMP as a configuration language from the > > start would make this this integration much easier and keep the number > > of protocols required down to a minimum of one. > > But..But... > > Harrie has already written a mod_snmp. This is where I don't agree. > The SNMP functionality needs to go in the server. As he pointed > out, we will need to write the config MIB, but I'm excited to have > a look at his tool to generate the C code from the MIB.
Depending on the mod_snmp integeration the current protocol engine is not able to do writes and so. I deliberatly took them first out, because this functionality wasn't needed. Also the tool to generate C code from a MIB is a bit changed, since my first relaese of mod_snmp. So if we ship in the protocol engine of my tool it is directly able to do writes as well. The tool still need an extension in order to generate also all SNMP-set funtions. But that can be done quit quickly. URL' for the mod_snmp -> http://www-musiq.jrc.it/software/snmp0b1_apache1_2b8.tar (This is also placed by Randy at Apache-site) SNMP-toolkit -> http://www-musiq.jrc.it/~harrie/smut/smut_2b1.tar.gz Writing such a config MIB is not that difficult aspecially if I get a view on what the configuration toolkit does at the front and how Apache needed to write this internally. This could be based on some earlier given object class example. About mod_monitor and mod_snmp. What should mod_monitor do in this case?? Provide already exisiting statistics as the status module or the mod_snmp. For the monitor part you can build the GUI on some PD SNMP-java classes, I guess. > > > > > This part is what I not completely get, maybe you can explain this?? > > > > An SNMP solution should be that the SNMP agent inside Apache > > > > completely configures it. Something as the configuration tool > > > > speak SNMP with the Apache agent and the SNMP-SET changes > > > > directly the appriopriate variables in Apache (runtime). > > > > > > > > HH > > > > > Right now the configuration server would be a separate process on the > > machine hosting the web server. The configuration server would read and > > then write changes to the configuration files and then HUP the web > > server. We can have the configuration server find out about the modules > > installed in the web server by parsing the result of apache -h (I think > > this is the flag- there's a flag which causes apache to spit out info on > > which modules/options are compiled in similar to the information > > displayed by mod_config.) > > In my opinion, the config server is just an added exercise that > really isn't needed. You probably weren't aware that Harrie has > given us a start with mod_snmp. Correct me if I am wrong, but is the concept of the configuration server bnot based on the fact that the Apache-server and the configuration server run at the same box?? So remote-shells, remote-login are also required. An SNMP soulution is not requiring these last ones. 1 manager application communicates with all the SNMP-agent out in the filed and thus with the Apache-server. > > > All the authorization can be handled by sockets or SNMP (built in > > there). Hopefully we won't have to deal with CGI... We can do things > > without encryption, etc. at first and then fold that in- we just have to > > keep security in mind during the build. If the broker (glue between the > > application code and classes doing the actual communication) is built > > correctly, we can plug in authorization with minimal changes to the > > application source. > > > > > p.s. Randy: Don't forget will use RSA keys in the password auth. part, > > > does CGI supports them? > > I think that you would be better off writing a key authentication > module for Apache. The new SNMPv3 WG of the IETF is creating security for the SNMP protocol. So in the future the SNMP-agent could go speaking SNMPv3. Although my comments look like I plea guilty for the SNMP-solution, I am certainly not against any other solution. But I agree with Randy that we should keep the required protocols to the minimum (maybe one). HH -- 0- Harrie Hazewinkel --------------------------------------0 email:[EMAIL PROTECTED] phone:+39+332+789384 http://porto.jrc.it/~harrie/ fax:+39+332+785500 postal: JRC of the E.C. - CEO Programme Ispra 21020 (VA) Italy 0----------------------------------------------------------0 Ik ben Harrie en ben 28 jaar en doe SNMP na. MIB, MIB.
