[EMAIL PROTECTED] wrote:
You asked for comments: I long ago created my own "database", wherein
Thanks for posting your information about the db you created. In our discussions, we've called this a "flat" databse, meaning that the entire database is a single bash sourceable text file containing name=value pairs and comments. We discussed the costs and benefits of this format at some length, and I encourage you to join the thread on leaf-devel to contribute your thoughts, or maybe just read it and see if you concur with the people who've been researching this for a few months. A single flat file was my initial choice.
XT_DEVICE=eth0 XT_IF= 204.001.001.001 XT_MASK=24 IT_DEVICE=wlan0 ROUTERTYPE=tunnel IT_DHCPS=yes A1_DEVICE=eth1 SPOOFING=no etc,etc. (about 80 variables) And a single python function which can be called from a command line as in: /var/www/cgi-bin/xlfixconf.py XT_GW=204.001.001.254 or from another python program. This is simple. If you import the above, it is all valid bash and variables can be used in all the networking and firewall scripts. It takes a little extra code to build something like ipsec.conf or dhcpd.conf.
Yes we think sourcing a file like yours is beneficial.
Anyway, the point is its simple to look at and simple to edit and Python or Perl builds a hash table in milliseconds. Any sort of "real" database technology would be a burdensome complication.
A real database would be burdensome, that's true, when you take a first look, and we've agreed to some extent that a complex xml database on the LEAF box is bogus for this very reason. David and Charles are voicing their wish for this whole thing to increase simplicity. But we have not ruled this out, because XML makes it possible to easily maintain a GUI admin. Perhaps you agree with the point I made before that having to modify your front-end gui and back-end api every time a new package comes out with different config is not preferrable to doing all that dynamically.
Now. Given an organization like above, with creative use of underlines to create a hierarchy, It would be quite simple to write a 2 way parser bash-variables <--> XML.
We agree on this, and I offered it as my request. If we use XML, it should also generate a flat file of bash sourcable var=values.
I should also mention, there is a subject which rarely mentioned on LEAF, Group Permits. This is where you use netfilter to allow access to subnets and servers and services by groups of ip's and maybe domains. This deserves some db kind of thinking. I've kind of brute forced this stuff so far and haven't designed a decent database yet. But it is worth thinking about in any design. I think Cisco calls thisAccess Lists.
Is netfilter a part of shorewall or a seperate .lrp or just part of the main distro? Any command can be described in the database I think. The database is _not_ my specialty ;-)
Oh, can't speak for Perl, but after 1.5, Python gets BIG. 1.5 is fine for my purposes. Anyway, size matters.
I think you're running python.lrp is that correct? Would you paste in console based python hello world? curious, matt ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html