Enterprise style Central Management Interface - {Now $1900}
-
How much can you contribute. ;D The more you can…the more likely someone is going to show interest........ Specify an amount that this would be worth to you and a mod or myself will add it to the amount listed.
-
I can add 1000€, but need an invoice (company here :)
-
Can this all be summarized so i can report an answer?
-
From my humble point of view ..
- The idea might be to develop the pfsense part of the Central Management Interface (CMI ?), and make it opened to anyone who'ld like to code his CMI template / site, or embed it in his current corpo site.
- The CMI could than run on any LAMP / WAMP of your choice.. the idea being to only provide a set of functions usable for php5 dev's.
- I think we could think as if building up a client / daemon and functions API to communicate between the CMI host and the N pfsense nodes.
- Since the main purpose of pfSense is not to serve as web server, i'ld rather have this CMI host'able on a dedicated box.. not on my firewall !
- The infos served by the nodes should be quickly accessible .. and sharable (if needed) .. RSS, XML comes to mind .. somehow .. each node could export as RSS feed / XML containing the infos required to be displayed by the CMI GUI ?
The plugin should:
- Let you view a global status page summarizing all your pfsense nodes vital infos (carp status, iface status, load, states, ram, cpu, hdd .. all gathered via cron than interpreted via an RSS feed parser ?), let the user select what infos to display on the global status page (possibly limit the number of infos to poll)
- Have a schedule to determine the frequency of updates to be performed, and on which node.
- To perform the scheduled updates, we could set a cron job on the CMI's LAMP that'll query the CMI's database to look for nodes to query (and what infos to request). This cron could connect to each node with a magic handshake mechanism that would make the node spit back the RSS feed with the infos request by the CMI's cron script
- For each pfsense node, we would have the ability to access the admin interface without the need to re-log as admin on it
- For each pfsense node, we would have the ability to send / save / restore / backup a config file
- For each pfsense node, view the logs (RSS feeds ?) or some more ajaxified mechanism .. the API could contain a simple JSON or XML PHP script that'll feed a JS class to make async requests to nodes to get their log data ?
Possible uses
- For each node, manage packages
- Centralized logging mechanism (implies vpn between the nodes and the CMI ? - syslog integration for "centralized syslogd" on the CMI host)
These are rough idea..
But maybe some are worth debating ?What do you think ?
-
I'm very interested in this thread.
I can agree to some of the requirements listed by df. Obviously we have some habits in managing our networks, and we like the way we do it. In my opinion, as I wrote in a past post, I need a distribution function, a way to make a global change to some specific parameters of a config.
Ermal, I'm very happy if you say you're interested, as i saw this thread not a priority for the devs.
In the past we had at least three possible contributors (kapara df & me), I dont know if one of us can summarize a single view of the project.
I think we have to agree from stating some architectural point: lamp/wamp/other, a dedicated machine, link directly via Internet (a VPN is a problem when some remote machine is not working)
and to some basic functionality.
On this some devs have to say if they can take the bounty, telling what management function can be done, and when.
Obviously they have to tell if they can take care of the evolution of the project, that has to follow the evolution of the basic pfsense.Greetings for the new year…
-
Do the bounty posters want a standards based soluton, or special pfsense only solution? I think the only intelligent way would be for a standards compliant solution rather than a pfsense only solution… such as the suggested CMI model.
I think CIM - common interface model - may be more appropriate. Open standard. Extensible. Several tools for it exist. A good look at http://www.openwbem.org/ maybe worth the time. It implements CIM and has some vendor backing.
How does one collect on a bounty?
I understand GPL accomplishes different goals than BSD. Different. Why the animosity against a GPL solution? Would a GPL add on be acceptable?-tom
-
dutler: My idea is to have a lightweight easy to embed "CMI", or rather GUI that interprets the data collected by the .. probes (?) set in crontab.
In a way, we would work much like most supervision systems (Nagios ..), but always following the KeepItSimpleStupid guideline.
I'm personally not against third party plateforms / frameworks, as long as we are allowed to freely use, distribute, and sell it, and as long they respect the above KISS rule.
To clarify my previous post, i can offer a $1000 euros bounty to any legal entity (understand company) that can make legit invoice for the job.
But, I, personally, would like to see the code produced but this bounty freely available to anyone, and if Scott and other members agree, make it part of pfSense as a package (for the pfsense related part of the CMI's probes / plugins mechanisms that will be required on remote boxen).
And btw, best wishes to all for '09.
-
Pulling my bounty. Looks like this is not going to happen and am looking into alternative solutions. Thanks for showing interest. Unless someone else is interested in continuing with this I don't mind if it is moved.
-
I'm likely to take on this project starting in a few days. For those that are still interested please reaffirm your interest.
Mark
-
The original author of this bounty has contacted me and indicated that he is no longer interested in this bounty. I will be moving this thread to "Expired" at the end of this week unless someone has reasonable objections.
-
Since MCRANE has shown interest again I am back in with a bounty of $750. I will put together my reqs for the bounty.
-
Since this thread has gotten so long and you're re-offering a much smaller bounty, I encourage you to open a new thread, complete with your requirements.
-
Just so it is understood why..the lower bounty is due to someone who was interested in the bounty originally has decided to back out and find another solution since this bounty has dragged on so long. I will reopen the bounty under another request.
-
Started new thread please post your reqs and amount you are willing to add to the bounty.
-
This is is getting to be confusing. I suggest closing this thread and moving to the new one.