devices_no and devices_only settings allow global worker restriction

Changes

@@ -2,12 +2,13 @@
 
   [NEW FEATURES]
 
-  * site_local_files setting for easy lib/template/static-file override
-  * support for device identity steering via device_identity
+  * support for device identity steering via device_identity setting
+  * devices_no and devices_only settings allow global worker restriction
+  * named host groups which can be used in *_only/*_no settings and other ACLs
   * new ACL features: AND and negation
-  * named host groups which can be used in other ACLs or *_only/*_no settings
+  * new report SNMP Connect Failures (workers track and ignore bad devices)
+  * site_local_files setting for easy lib/template/static-file override
   * template_paths setting to allow very easy override of templates
-  * new report SNMP Connect Failures
 
   [ENHANCEMENTTS]
 

lib/App/Netdisco.pm

@@ -203,19 +203,20 @@ the full installation instructions, above. This process is for upgrading
 version 2.x only.
 
 Before upgrading please review the latest L<Release
-Notes|App::Netdisco::Manual::ReleaseNotes>. Then, the process is as follows:
+Notes|App::Netdisco::Manual::ReleaseNotes>. Then the process below should be
+run for each installation:
 
  # upgrade Netdisco
  ~/bin/localenv cpanm --notest App::Netdisco
  ln -sf ~/perl5/bin/{localenv,netdisco-*} ~/bin/
  
- # apply database schema updates
+ # apply database schema updates, update MIBs and Vendor MACs
  ~/bin/netdisco-deploy
  
- # restart web service
+ # restart web service (if you run it)
  ~/bin/netdisco-web restart
  
- # restart job daemon (if you use it)
+ # restart job daemon (if you run it)
  ~/bin/netdisco-backend restart
 
 =head1 Tips and Tricks

lib/App/Netdisco/Configuration.pm

@@ -72,6 +72,20 @@ if (ref {} eq ref setting('device_identity')) {
 }
 else { config->{'device_identity'} ||= [] }
 
+# copy devices_no and devices_only into others
+foreach my $name (qw/devices_no devices_only
+                    discover_no macsuck_no arpnip_no nbtstat_no
+                    discover_only macsuck_only arpnip_only nbtstat_only/) {
+  config->{$name} ||= [];
+  config->{$name} = [setting($name)] if ref [] ne ref setting($name);
+}
+foreach my $name (qw/discover_no macsuck_no arpnip_no nbtstat_no/) {
+  push @{setting($name)}, @{ setting('devices_no') };
+}
+foreach my $name (qw/discover_only macsuck_only arpnip_only nbtstat_only/) {
+  push @{setting($name)}, @{ setting('devices_only') };
+}
+
 # legacy config item names
 
 config->{'devport_vlan_limit'} =

lib/App/Netdisco/Manual/Configuration.pod

@@ -907,6 +907,26 @@ Value: Number. Default: 2.
 
 Number of times to retry connecting to a device before giving up.
 
+=head3 C<devices_no>
+
+Value: Single item or list of Network Identifiers or Device Properties.
+Default: Empty List.
+
+The value will be copied into C<discover_no>, C<macsuck_no>, C<arpnip_no>, and
+C<nbtstat_no>, so is a shorthand way to restrict backend workers to avoid
+these device targets. See L</"ACCESS CONTROL LISTS"> for what you can use
+here.
+
+=head3 C<devices_only>
+
+Value: Single item or list of Network Identifiers or Device Properties.
+Default: Empty List.
+
+The value will be copied into C<discover_only>, C<macsuck_only>,
+C<arpnip_only>, and C<nbtstat_only>, so is a shorthand way to restrict backend
+workers to only specified device targets. See L</"ACCESS CONTROL LISTS"> for
+what you can use here.
+
 =head3 C<discover_no>
 
 Value: Single item or list of Network Identifiers or Device Properties.

lib/App/Netdisco/Manual/Deployment.pod

@@ -37,10 +37,10 @@ A common scenario is that the network is split into security domains (or
 zones) and one Netdisco poller daemon cannot see all devices.
 
 You can run multiple pollers, as long as they all connect back to the same
-PostgreSQL database. Use the C<discover_only>, C<macsuck_only>, C<arpnip_only>
-configuration settings (or their C<*_no> variants) to control which devices
-are "seen" by each poller. You can also include only the necessary minimum
-SNMP community/authentication settings in each poller's configuration.
+PostgreSQL database. Use the C<devices_only> or C<devices_no> configuration
+settings to control which devices are "seen" by each poller. You can also
+include only the necessary minimum SNMP community/authentication settings in
+each poller's configuration.
 
 Of course you will also need to start the web server somewhere, as well.
 

lib/App/Netdisco/Manual/ReleaseNotes.pod

@@ -56,6 +56,11 @@ interface to use as a canonical (friendly) identity of a device in Netdisco.
 
 =item *
 
+The new settings C<devices_no> and C<devices_only> are shorthand for setting
+C<discover_*>, C<macsuck_*>, C<arpnip_*>, and C<nbtstat_*> at once.
+
+=item *
+
 A new setting C<site_local_files> is a shorthand for confguring paths in which
 to install local Perl, template, javascript, and images files for overriding
 or enhancing Netdisco.
@@ -63,14 +68,9 @@ details.
 
 =item *
 
-Netdisco now tracks SNMP connect failures and after several attempts will no
-longer try to connect to devices (default: 10). See the C<max_deferrals>
-configuration setting, and the "SNMP Connect Failures" admin report.
-
-=item *
-
-The topology import script (C<nd-import-topology>) will now queue a "discover"
-job for each new device it imports.
+Netdisco now tracks SNMP connect failures and after 10 failed attempts will
+pause trying to connect, for one week (see the C<max_deferrals> and
+C<retry_after> settings). See also the "SNMP Connect Failures" admin report.
 
 =item *
 
@@ -80,6 +80,11 @@ items or lists. ACLs now support negation and OR/AND modifier options.
 
 =item *
 
+The topology import script (C<nd-import-topology>) will now queue a "discover"
+job for each new device it imports.
+
+=item *
+
 The C<netdisco-daemon> and C<netdisco-daemon-fg> scripts have
 been renamed to C<netdisco-backend> and C<netdisco-backend-fg> respectively.
 

share/config.yml

@@ -130,6 +130,8 @@ nonincreasing: false
 snmpver: 3
 snmptimeout: 3000000
 snmpretries: 2
+devices_no: []
+devices_only: []
 discover_no: []
 discover_only: []
 discover_no_type: []