[EMAIL PROTECTED] wrote:
You asked for comments:
I long ago created my own "database", wherein
Thanks for posting your information about the
db you created. In our discussions, we've called
this a "flat" databse, meaning that the entire
database is a single bash sourceable text file
containing name=value pairs and comments.
We discussed the costs and benefits of this format
at some length, and I encourage you to join the thread
on leaf-devel to contribute your thoughts, or maybe
just read it and see if you concur with the people
who've been researching this for a few months.
A single flat file was my initial choice.
XT_DEVICE=eth0
XT_IF= 204.001.001.001
XT_MASK=24
IT_DEVICE=wlan0
ROUTERTYPE=tunnel
IT_DHCPS=yes
A1_DEVICE=eth1
SPOOFING=no
etc,etc. (about 80 variables)
And a single python function which can be called from a
command line as in:
/var/www/cgi-bin/xlfixconf.py XT_GW=204.001.001.254
or from another python program.
This is simple. If you import the above, it is all valid bash and
variables can be used in all the networking and firewall scripts.
It takes a little extra code to build something like ipsec.conf
or dhcpd.conf.
Yes we think sourcing a file like yours is beneficial.
Anyway, the point is its simple to look at and simple to edit and
Python or Perl builds a hash table in milliseconds.
Any sort of "real" database technology would be a burdensome
complication.
A real database would be burdensome, that's true, when you take a first look,
and we've agreed to some extent that a complex xml database on the LEAF box is
bogus for this very reason. David and Charles are voicing their wish for this
whole thing to increase simplicity. But we have not ruled this out, because
XML makes it possible to easily maintain a GUI admin. Perhaps you agree with
the point I made before that having to modify your front-end gui and back-end
api every time a new package comes out with different config is not preferrable
to doing all that dynamically.
Now. Given an organization like above, with creative use of underlines
to create a hierarchy, It would be quite simple to write a 2 way parser
bash-variables <--> XML.
We agree on this, and I offered it as my request. If we use XML,
it should also generate a flat file of bash sourcable var=values.
I should also mention, there is a subject which rarely mentioned on LEAF,
Group Permits. This is where you use netfilter to allow access to subnets
and servers and services by groups of ip's and maybe domains.
This deserves some db kind of thinking. I've kind of brute forced this stuff
so far and haven't designed a decent database yet. But it is worth
thinking about in any design. I think Cisco calls thisAccess Lists.
Is netfilter a part of shorewall or a seperate .lrp or just
part of the main distro? Any command can be described in
the database I think. The database is _not_ my specialty ;-)
Oh, can't speak for Perl, but after 1.5, Python gets BIG.
1.5 is fine for my purposes. Anyway, size matters.
I think you're running python.lrp is that correct?
Would you paste in console based python hello world?
curious,
matt
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
