Provisioning Neu

Goal: Provisioning System for free networks, based on the current FunkFeuer Graz provisioning system

Main reason for changes: assignment of public IP addresses mandates support for IPsec key management and authentication of users

Current functionality

  • MySQL database with Ruby on Rails, Perl and PHP frontends
  • autogenerate DNS config from db
  • autogenerate Cisco IPsec config from db
  • autogenerate Google Map
  • autogenerate Topo Map from OLSR data and db
  • xml export - topo data
  • user selfcare provisioning
  • rudimentary admin provisioning

Requirements

mandatory requirements

  • do not introduce new technology - Ruby on Rails will do
  • do not reinvent the wheel
  • document everything
  • use role-function paradigm for authorisation (neighbourhood managers, node owners, core team, ...)
  • db support for generic authentication system / trust model
    • authenticate e-mail address (automatic) - first level of authentication
    • manual f2f authentication (photo id check) - second level of authentication
  • authorisation system (anonymous users, l1 id, l2 id, admin, user groups...)
  • auditing (log photo id check, optional: IP assignments, config changes, ...)
    • timestamp
    • who
    • what
  • IP network management
    • create/modify/delete IP ranges
    • assign/revoke IP network to/from location
    • management of both public and private IPs
    • support for IPsec key management for public IPs
    • support tinc tunnel management
    • optional: request larger network: support for renumbering
  • status report for IP network requests
  • safety net: deleted objects are flagged, not permanently deleted

optional requirements

  • support for IPv6 addresses
  • server side interface for HardwareAutoProvisioning (device management)

  • versioning of data (-> rollback functionality)

  • opt-in for autoconfiguration and automatic firmware upgrade
  • possibility for nodes to participate in software tests, new routing protocols etc. (stable, testing, unstable nodes)
  • enter user website URL to be linked from the home page
  • enter mobile phone number, opt-in to be contacted via SMS (changes to FunkFeuer meeting dates etc.)

  • management of hotspot requests, interface for sponsoring ISPs

Data model constraints

  • introduce foreign keys
  • PKs must not be hardcoded: use shortnames to get PKs
  • node type: fixed, mobile, experimental, ...
  • node may have owner
  • node may have location (mandatory for fixed nodes)
  • node may have interfaces (wired, wireless, ...)
  • interfaces have properties depending on interface type (speed, output power, channel)
  • wireless interface may have cabling and antennas attached (cable type and length, antenna)
  • antenna has type (from template), polarization, azimuth, elevation, aperture, gain, ...
  • location must have owner
  • person must have verified e-mail address
  • person should have telephone number
  • person may be either real or virtual (person groups)
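
The constraints above, together with the flag-on-delete and audit (timestamp, who, what) requirements from the mandatory list, as an added example that is not part of the original page or the FunkFeuer code base. It is plain Ruby without Rails or a database; Registry, AuditEntry and all method names are assumptions.

```ruby
# Added sketch (plain Ruby, no Rails); class and method names are assumptions.
AuditEntry = Struct.new(:timestamp, :who, :what)
class Registry
  NODE_TYPES = %i[fixed mobile experimental].freeze
  attr_reader :audit_log
  def initialize
    @tables = { person: {}, location: {}, node: {} }
    @audit_log = []
  end

  # Rows are looked up by shortname; flagged rows are hidden unless asked for.
  def find(kind, shortname, include_deleted: false)
    row = @tables.fetch(kind)[shortname]
    row if row && (include_deleted || !row[:deleted])
  end

  def add_person(shortname, email_verified:, by:)
    raise ArgumentError, 'person must have verified e-mail address' unless email_verified
    store(:person, shortname, {}, by)
  end

  def add_location(shortname, owner:, by:)
    raise ArgumentError, 'location must have owner' unless find(:person, owner)
    store(:location, shortname, { owner: owner }, by)
  end

  def add_node(shortname, type:, by:, owner: nil, location: nil)
    raise ArgumentError, "unknown node type #{type}" unless NODE_TYPES.include?(type)
    raise ArgumentError, 'unknown owner' if owner && !find(:person, owner)
    raise ArgumentError, 'unknown location' if location && !find(:location, location)
    raise ArgumentError, 'fixed node needs a location' if type == :fixed && location.nil?
    store(:node, shortname, { type: type, owner: owner, location: location }, by)
  end

  # Safety net: flag the row instead of removing it, and write an audit entry.
  def delete(kind, shortname, by:)
    row = find(kind, shortname) or raise KeyError, "no #{kind} #{shortname}"
    row[:deleted] = true
    log(by, "delete #{kind} #{shortname}")
  end

  private
  def store(kind, shortname, attrs, by)
    raise ArgumentError, "#{kind} #{shortname} exists" if @tables[kind].key?(shortname)
    @tables[kind][shortname] = attrs.merge(deleted: false)
    log(by, "create #{kind} #{shortname}")
  end

  def log(who, what); @audit_log << AuditEntry.new(Time.now.utc, who, what); end
end
```

A flagged location no longer satisfies the "mandatory for fixed nodes" check, and its shortname cannot be reused, so the flagged row and its audit trail stay intact.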

Use cases

  • show workflow to users/admins
  • user: register as person, verify e-mail address, add location, add node, request IP net, request photo identification appointment, lookup/modify/delete entries, generate IPsec key
  • admin: pending requests (photo id, approve network assignment request, enter audit data, revoke IPsec key), override all user functions, change node owner