New Provisioning

Goal: a provisioning system for free networks, based on the current FunkFeuer Graz provisioning system.

Main reason for the changes: assigning public IP addresses requires support for IPsec key management and user authentication.

Current functionality

  • MySQL database with Ruby on Rails, Perl and PHP frontends
  • auto-generate DNS config from the database
  • auto-generate Cisco IPsec config from the database
  • auto-generate Google Map
  • auto-generate topology map from OLSR data and the database
  • XML export of topology data
  • user self-care provisioning
  • rudimentary admin provisioning

Requirements

Mandatory requirements

  • do not introduce new technology - Ruby on Rails will do
  • do not reinvent the wheel
  • document everything
  • use the role-function paradigm for authorisation (neighbourhood managers, node owners, core team, ...)
  • database support for a generic authentication system / trust model
    • authenticate e-mail address (automatic) - first level of authentication
    • manual f2f authentication (photo ID check) - second level of authentication
  • authorisation system (anonymous users, L1 identity, L2 identity, admin, user groups, ...)
  • auditing (log photo ID checks; optional: IP assignments, config changes, ...)
    • timestamp
    • who
    • what
  • IP network management
    • create/modify/delete IP ranges
    • assign/revoke IP network to/from location
    • management of both public and private IPs
    • support for IPsec key management for public IPs
    • support for tinc tunnel management
    • optional: requesting a larger network (requires support for renumbering)
  • status report for IP network requests
  • safety net: deleted objects are flagged, not permanently deleted

Optional requirements

  • support for IPv6 addresses
  • server-side interface for HardwareAutoProvisioning (device management)
  • versioning of data (-> rollback functionality)
  • opt-in for autoconfiguration and automatic firmware upgrades
  • possibility for nodes to participate in software tests, new routing protocols etc. (stable, testing, unstable nodes)
  • enter user website URL to be linked from the home page
  • enter mobile phone number, opt-in to be contacted via SMS (FunkFeuer meeting schedule changes etc.)
  • management of hotspot requests, interface for sponsoring ISPs

Data model constraints

  • introduce foreign keys
  • primary keys must not be hard-coded: look them up via shortnames
  • node type: fixed, mobile, experimental, ...
  • node may have owner
  • node may have location (mandatory for fixed nodes)
  • node may have interfaces (wired, wireless, ...)
  • interfaces have properties depending on interface type (speed, output power, channel)
  • wireless interface may have cabling and antennas attached (cable type and length, antenna)
  • antenna has type (from template), polarization, azimuth, elevation, aperture, gain, ...
  • location must have owner
  • person must have verified e-mail address
  • person should have telephone number
  • person may be either real or virtual (person groups)

Use cases

  • show workflow to users/admins
  • user: register as a person, verify e-mail address, add location, add node, request IP net, request a photo identification appointment, lookup/modify/delete entries, generate IPsec key
  • admin: handle pending requests (photo ID check, approve network assignment request, enter audit data, revoke IPsec key), override all user functions, change node owner
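The identity levels, role-based authorisation, audit record (timestamp, who, what) and soft-delete safety net from the mandatory requirements, together with the photo-ID use case above, sketched as an added Ruby example (not code from the FunkFeuer project). The action-to-level mapping, the class and the method names are assumptions; a real implementation would back this with Rails models.

```ruby
require 'time'

# Identity levels named in the requirements; the numeric ordering is an assumption.
LEVELS = { anonymous: 0, l1: 1, l2: 2, admin: 3 }.freeze

# Minimum level per action (assumed mapping: the page lists actions and levels;
# the L2 gate on IPsec keys follows from "public IPs mandate authentication").
REQUIRED_LEVEL = {
  lookup: :anonymous, add_location: :l1, add_node: :l1, request_ip_net: :l1,
  delete_entry: :l1, generate_ipsec_key: :l2, photo_id_check: :admin,
  approve_network_request: :admin, revoke_ipsec_key: :admin, change_node_owner: :admin
}.freeze

Person = Struct.new(:name, :level)
AuditEntry = Struct.new(:timestamp, :who, :what) # the three mandatory audit fields

class Provisioning
  attr_reader :audit_log
  def initialize
    @audit_log = []
    @objects = {} # key => { data:, deleted: }, stand-in for the database
  end

  def allowed?(actor, action)
    LEVELS.fetch(actor.level) >= LEVELS.fetch(REQUIRED_LEVEL.fetch(action))
  end

  # Single choke point: role check first, then an audit entry for every allowed action.
  def perform(actor, action, target = nil)
    return false unless allowed?(actor, action)
    @audit_log << AuditEntry.new(Time.now.utc.iso8601, actor.name, [action, target].compact.join(' '))
    true
  end

  # Manual f2f photo-ID check promotes a person from L1 to L2 and is itself logged.
  def photo_id_check(admin, person)
    perform(admin, :photo_id_check, person.name) && (person.level = :l2) && true
  end

  def add_node(actor, key, data)
    perform(actor, :add_node, key) && (@objects[key] = { data: data, deleted: false }) && true
  end

  # Safety net: deletion only flags the object; the row stays for audit and rollback.
  def soft_delete(actor, key)
    @objects.key?(key) && perform(actor, :delete_entry, key) && (@objects[key][:deleted] = true)
  end

  def live(key)
    (obj = @objects[key]) && !obj[:deleted] ? obj[:data] : nil
  end
end
```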