Re-implementing the entire backend/frontend of pfSense
-
I understand the topic "Re-implementing the entire backend/frontend of pfSense" but you are talking about rewriting large parts of the existing code that can claim a subnode pretty easily as an array, etc?
Just want to try and feel the entire scope of this project. Our hackathon is coming up soon and I need to finalize my list.
Example of getting a xml subnode how it is now:
require("guiconfig.inc");
$a_filter = &$config['filter']['rule'];After looking at your code, how can it be retrofitted to work with the above example easily?
Or in your example $config is simply $config(an array)? Are there any downsides to this? Speed?
-
I'm working on process/module control and working out the requirements, firstly I think the big one is dependencies similar to Gentoo's runscript, here from svscan (supervise):
depend() { need net after net before ntpd ntp-client before spamd before apache apache2 }The important area of functionality is what is required to reconfigure a process, usually one that cannot be simply SIGHUPed. The process needs to be stopped, the configuration file re-written, and the process started. If this process and dependencies that need this process they need to be stopped & started. And an awkward issue of if it takes a minute to restart an IPSEC connection should you allow other things to occur at the same time.
Here is the basic process state machine:
So to reconfigure something like sshd you have to be aware of the current process state, i.e.
switch (sshd->state) { case NONE: case FAILED_TO_START: case KILLED: case DIED: case EXITED: case STOPPED: start sshd; break; case STARTING: case RUNNING: stop sshd; on( stop, { start sshd } ); break; case STOPPING: on( stop, { start sshd } ); break; case ZOMBIE: exit( "need to reboot to continue." ); } -
Example of getting a xml subnode how it is now:
require("guiconfig.inc");
$a_filter = &$config['filter']['rule'];After looking at your code, how can it be retrofitted to work with the above example easily?
Or in your example $config is simply $config(an array)? Are there any downsides to this? Speed?
Its a non-trivial re-architecture in order to split functionality at the cost of speed. On the backend the above code would transform into this:
global $config; $a_filter = $config->filter->rule;I have absolutely no idea how it would appear on the frontend as a request to the configuration process would be needed to retrieve the data. The benefit is the data is live in the configuration process as opposed to re-read from file every time.
This is basically a big investigation into whether the benefits gained are sufficient to down play the side effects. When looking at a more generic appliance framework it would be nice to have the extra functionality. :)
(edit) The underlying adjustment is making the rather synchronous functionality of the current setup to be asynchronous. Is it possible to make pfSense/m0n0wall more responsive to events that occur when they occur.
-
Just want to try and feel the entire scope of this project. Our hackathon is coming up soon and I need to finalize my list.
Sure, considering the duplication of work going on with CVS-head I will start working from the other end and fitting samba, ldap, cups, hylafax, and sane into the current image. By then hopefully you will have a release of your XML-RPC based code and I can help out with that instead.
Project 1: Domain controller for LTSP
-
Add OpenLDAP server + SASL
-
Add SAMBA PDC
Project 2: Printer, Scanner, Fax server
-
Add CUPS, hpijs, hplip, gimp-print, foomatic, foomatic-db, ghostscript
-
Add Hylafax
-
Add Sane-backends & Sane-frontends
By basing of pfSense I could remove the routing/firewall specific components and GUI and replace with parts specific to the components for each project. Extra time allows me to update the pfSense framework, and if time becomes short I will simply have to treat each project as a series of regular pfSense packages. 8)
-
-
Ok, bad day, neither openldap-sasl-client, openldap-sasl-server, or samba install through freesbie, however cyrus-sasl made it. Hopefully better luck tomorrow. ???
-
Just want to try and feel the entire scope of this project. Our hackathon is coming up soon and I need to finalize my list.
Sure, considering the duplication of work going on with CVS-head I will start working from the other end and fitting samba, ldap, cups, hylafax, and sane into the current image. By then hopefully you will have a release of your XML-RPC based code and I can help out with that instead.
Project 1: Domain controller for LTSP
-
Add OpenLDAP server + SASL
-
Add SAMBA PDC
Project 2: Printer, Scanner, Fax server
-
Add CUPS, hpijs, hplip, gimp-print, foomatic, foomatic-db, ghostscript
-
Add Hylafax
-
Add Sane-backends & Sane-frontends
By basing of pfSense I could remove the routing/firewall specific components and GUI and replace with parts specific to the components for each project. Extra time allows me to update the pfSense framework, and if time becomes short I will simply have to treat each project as a series of regular pfSense packages. 8)
This very much falls into my long term goals. Everything you've said so far makes a lot of sense (no pun intended, hah!)
Although all of this is great on paper, it's going to be one hell-of-a-hike to get all of this done. We need a plan of attack so that I can started retrofitting head in this direction.
Any suggestions of how I can help get this started from my end?
edit: minor spelling fixes.
-
-
Update: Slight change of track. In order to get something working I tried running with Voyage Linux (Debian/WRAP) and got everything up working in the morning through their Knoppix install; a copy of FreeNAS because i'm waiting back from a Taiwan developer on some NFS issues with a NAS appliance, some slight modifications in order to allow root file permissions; Ubuntu desktop install with LVM and then copy everything over to NAS for a diskless server following on with the thin client setup of LTSP MueKow implementation. Hopefully tomorrow I can test that, see that Chinese input works correctly, and think about moving from VMWare Server to the real hardware boxes, then planning moving back to BSD for the directory server.
I"m off to Korea this week, then onto Macau, so no updates for a couple of weeks :-[
To the left of the layer 4 switch is this stack of hardware, hopefully be useful:
[img]http://fnjordy.umcus.org/tmp/stack-of-boxes.jpg
I guess I should be asking you which area of pfSense would you like to see improved the most?
-
Oh no, Korea lost to Switzerland. Oh well :'(
I had a quick look at MultiSeat LTSP and with Linux VServer it looks overly complicated. I'm either going to look at web infrastructure for an embedded PDC or try moving from Voyage Linux to the FreeNAS configuration. ???
I like the admin page for WordPress however it doesn't appear easily transferable to the amount of information required with a router or PDC package. Has the core pfSense been updated completely to the new XML GUI-Builder, or is it only packages?
-
Only packages for the most part.
-
Well I moved over to FreeNAS core and things are working with a web interface now. This gets me a little closer to actually helping out. I have an image with Samba 4, TFTPD, DHCPD booting LTSP server and clients. Here's the TODO list:
:D
Kernel
-
Remove options / modules not used: need to track down better details of all options.
-
Add embedded specific modules, performance options, etc.
-
Create an embedded (no-HDD) kernel, and a generic (IDE & SCSI HDD) kernel.
O/S
-
Keep tftpboot files over an upgrade, requires different method to gzip|dd for imaging.
-
Replace OpenSSH with DropBear to save some space (worth the effort?).
-
Remove PAM (possible?).
Configuration
-
Private / Public / Runtime configuration split to allow testing new and different options.
-
Management daemon to co-ordinate system tasks.
Application
-
Support VLAN interface configuration.
-
VLAN DHCPD support.
-
Smaller Samba 4 binaries by removing uneeded modules, there are a lot statically compiled.
-
Various Windows stuff as I have no experience using AD.
Frontend
-
i18n/l10n support like pfSenses gettext().
-
AJAX edits and status feedback like pfSense.
-
Larger, clearer interface like WordPress, mainly CSS work I would believe.
-
Administration interface users like pfsense (is there a use with a AD server?).
I'm using Samba 4 to see how stable and big it is, its one process compared to using both OpenLDAP & Samba 3.
-
-
Ok, apart from killing my "worlds worst implementation of NFS" NAS appliance I have a functional test build, unfortunately tftpd-hpa seems a little fruity on FreeBSD and requires restarting when remounting /cf. Here are some screenshots showing how little I have done:
Active Directory configuration, absolute minimum parameters required:
DHCPD configuration, adding gateway & PXE boot filename:
TFTP configuration, slightly spartan, really needs a file manager like captive portal:
User & Groups modified to take posixAccount fields:
And the ISO/IMG files:
http://fnjordy.umcus.org/tmp/test.iso [ 26MB ]
http://fnjordy.umcus.org/tmp/test-generic-pc-img [ 12MB ]Slight mess in order to get TFTPBOOT files up you need to SSH in and run the following then SCP the files over.
mkdir /cf/tftpboot /sbin/umount -f /cf /sbin/mount -w -o noatime /cfI have a kernel an initrd image from Ubuntu Dapper with two configurations. One for a LTSP Ubuntu, basically regular Ubuntu Dapper Desktop install made diskless following the wiki instructions. The other for Ubuntu MueKow which loads the ltsp-client built from the server. The server is configured with NSS_LDAP for users & groups, and PAM_HEIMDAL to allow AD based logins. I couldn't get a crypted password up for shadow, but kerberos is the more secure method, albeit Samba 4 has no security :D
I wonder if I can find anyone who would actually use it ;)
-
Network diagram to make things a bit prettier: :-*
-
Kewl :) 8) ;)
Keep the good work and us posted, thanks for sharing with the community 8)
-
Can't wait to see you actually starting to work on pfSense ;D
-
Well i've just finished porting the directory server from FreeNAS core to a FreeSBIE core and I have to say i'm very impressed with how far the pfSense team have come. Its a minefield myriad of different options and decisions needing to be made and to get something working so well like pfSense is just brilliant. I on the other hand have quite a way to go, I have a system that works from CD but I need to test and get working CD+floppy/CF/HDD and HDD/CF setups, and then test on some WRAP hardware. My first significant change will be to introduce a private config, and then a runtime/public pair. I have setup my notes on Novell Forge:
http://developer.novell.com/wiki/index.php/%E3%81%BF%E3%82%8B_directory_server
Albeit rather fruity services, as Bugzilla still isn't working yet, and its taken a couple of days to get subversion and file hosting up. I'm working on a "build from scratch" how to just like pfsense / freenas / m0n0wall have as the current state is a rather confusing plethora of scripts. My only nitpick is with FreeSBIE 2, running a "make iso" always wants to rebuild everything so I added some code to force the build & install to be skipped.
-
FreeSBIE 2 ignores the build if its already done. Not sure what you mean:
Building world for i386 architecture
NO_BUILDWORLD set, skipping build
Building kernel for i386 architecture
NO_BUILDKERNEL set, skipping build
Installing world for i386 architecture
Making hierarchy
Are you sure you are running FreeSBIE 2 (not 1)?
-
FreeSBIE 2 ignores the build if its already done. Not sure what you mean:
Building world for i386 architecture
NO_BUILDWORLD set, skipping build
Building kernel for i386 architecture
NO_BUILDKERNEL set, skipping build
Installing world for i386 architecture
Making hierarchy
Are you sure you are running FreeSBIE 2 (not 1)?
It is FreeSBIE 2, but I guess i'm working with buildworld/buildkernel in not the best way possible. I'll work on it a bit to see why.