Squashed commit of the following: commit7673f3ee1eAuthor: Oliver Gorwits <oliver@cpan.org> Date: Sat May 6 14:19:19 2017 +0100 allow check_acl to accept Device or NetAddr::IP instance commitc31059bc01Author: Oliver Gorwits <oliver@cpan.org> Date: Sat May 6 14:19:00 2017 +0100 update docs commitdeaeab2670Author: Oliver Gorwits <oliver@cpan.org> Date: Sat May 6 14:18:27 2017 +0100 SNMP only stanza has access to full check_acl features commit4a44fa5863Author: Oliver Gorwits <oliver@cpan.org> Date: Mon May 1 18:49:38 2017 +0100 add AND operator and negation support to ACLs
		
			
				
	
	
		
			1313 lines
		
	
	
		
			38 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			1313 lines
		
	
	
		
			38 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| =head1 NAME
 | |
| 
 | |
| App::Netdisco::Manual::Configuration - How to Configure Netdisco
 | |
| 
 | |
| =head1 INTRODUCTION
 | |
| 
 | |
| The configuration files for Netdisco come with all options set to sensible
 | |
| default values, and just a few that you must initially set yourself.
 | |
| 
 | |
| =head2 YAML GUIDANCE
 | |
| 
 | |
| There are two configuration files: C<config.yml> (which lives inside Netdisco)
 | |
| and C<deployment.yml> (which usually lives in C<${HOME}/environments>).
 | |
| 
 | |
| The C<config.yml> file includes defaults for every setting, and should be left
 | |
| alone.  Any time you want to set an option, use only the C<deployment.yml>
 | |
| file. The two are merged when Netdisco starts, with your settings in
 | |
| C<deployment.yml> overriding the defaults from C<config.yml>.
 | |
| 
 | |
| The configuration file format for Netdisco is YAML. This is easy for humans to
 | |
| edit, but you should take care with whitespace and avoid TAB characters. YAML
 | |
| supports several data types:
 | |
| 
 | |
| =over 4
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Boolean - True/False value, using C<1> and C<0> or C<true> and C<false>
 | |
| respectively, e.g.:
 | |
| 
 | |
|  check_userlog: true
 | |
| 
 | |
| =item *
 | |
| 
 | |
| List - Set of things using C<[a, b, c]> on one line or C<-> on separate lines,
 | |
| e.g.:
 | |
| 
 | |
|  community: ['public', 'another']
 | |
|  
 | |
|  discover_no:
 | |
|    - '192.0.2.0/24'
 | |
|    - '2001:db8::/32'
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Dictionary - Key/Value pairs (like Perl Hash) using C<< {key1: val1, key2:
 | |
| val2} >> on one line or C<key: value> on separate lines, e.g.:
 | |
| 
 | |
|  port_control_reasons:
 | |
|    address:   'Address Allocation Abuse'
 | |
|    copyright: 'Copyright Violation'
 | |
| 
 | |
| =item *
 | |
| 
 | |
| String - Quoted, just like in Perl (and essential if the item contains the
 | |
| colon character).
 | |
| 
 | |
| =back
 | |
| 
 | |
| =head2 ACCESS CONTROL LISTS
 | |
| 
 | |
| Access Control Lists (ACLs) appear in many places in the configuration file,
 | |
| used to select or exclude devices or hosts for certain settings. ACLs are a
 | |
| YAML list of items, which can contain:
 | |
| 
 | |
| =over 4
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Hostname, IP address, IP prefix (i.e. subnet)
 | |
| 
 | |
| =item *
 | |
| 
 | |
| IP address range, using a hyphen on the last octet/hextet, and no whitespace
 | |
| 
 | |
| =item *
 | |
| 
 | |
| Regular expression in YAML format (no enforced anchors) which will match the
 | |
| device DNS name (using a fresh DNS lookup, so works on new discovery), e.g.:
 | |
| 
 | |
|  - !!perl/regexp ^sep0.*$
 | |
| 
 | |
| =item *
 | |
| 
 | |
| "C<property:regexp>" - matched against a device property, such as C<model> or
 | |
| C<vendor> (with enforced begin/end regexp anchors).
 | |
| 
 | |
| =item *
 | |
| 
 | |
| "C<op:and>" to require all items to match (or not match) the provided IP or
 | |
| device. Note that this includes IP address version mismatches (v4-v6).
 | |
| 
 | |
| =back
 | |
| 
 | |
| To negate any item in an ACL, prefix it with "C<!>", for example
 | |
| "C<!192.0.2.0/29>". In that case, the item must I<not> match the device. This
 | |
| does not apply to regular expressions (which you can achieve with nonmatching
 | |
| lookahead).
 | |
| 
 | |
| To match any device, use "C<any>". To match no devices we suggest using
 | |
| "C<broadcast>" in the list (or "C<!any>" may work).
 | |
| 
 | |
| =head1 SUPPORTED SETTINGS
 | |
| 
 | |
| =head2 Essential Settings
 | |
| 
 | |
| If you followed the installation instructions, then you should have set the
 | |
| database connection parameters to match those of your local system. That is,
 | |
| the database C<name>, C<host>, C<user> and C<pass>.
 | |
| 
 | |
| =head2 General Settings
 | |
| 
 | |
| =head3 C<log>
 | |
| 
 | |
| Value: C<debug|warning|error>. Default: C<warning>.
 | |
| 
 | |
| The log level used by Netdisco. It's useful to see warning messages from the
 | |
| backend poller, as this can highlight broken topology.
 | |
| 
 | |
| =head3 C<logger_format>
 | |
| 
 | |
| Value: Format String. Default: C<< '[%P] %U %L %m' >>.
 | |
| 
 | |
| Structure of the log messages. See L<Dancer::Logger::Abstract/"logger_format">
 | |
| for details.
 | |
| 
 | |
| =head3 C<include_paths>
 | |
| 
 | |
| Value: List. Default: Empty List.
 | |
| 
 | |
| Additional library paths for the application (both web frontend and backend
 | |
| poller daemons). You can also use a colon-separated list in the
 | |
| "C<NETDISCO_INC>" environment variable.
 | |
| 
 | |
| =head3 C<external_databases>
 | |
| 
 | |
| Value: List of Database Configuration Hashes. Default: None.
 | |
| 
 | |
| The Plugins and User Reports features of Netdisco can gather data from
 | |
| external databases. You need to install the Perl database driver for the
 | |
| target database platform, and configure this setting appropriately. For
 | |
| example:
 | |
| 
 | |
|  external_databases:
 | |
|    - tag: externaldb
 | |
|      dsn: 'dbi:Pg:dbname=myexternaldb;host=192.0.2.1'
 | |
|      user: oliver
 | |
|      password: letmein
 | |
|      options:
 | |
|        pg_enable_utf8: true
 | |
| 
 | |
| Note that C<tag> is I<required> and maps to the C<database> key if you use the
 | |
| Generic Reports feature (see "L</reports>", below), or becomes the Dancer
 | |
| database schema name if you program the Plugin directly.
 | |
| 
 | |
| =head2 Web Frontend
 | |
| 
 | |
| =head3 C<domain_suffix>
 | |
| 
 | |
| Value: String. Default: None.
 | |
| 
 | |
| Set this to your local site's domain name. This is usually removed from node
 | |
| names in the web interface to make things more readable. Make sure to include
 | |
| the leading dot character.
 | |
| 
 | |
| =head3 C<no_auth>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Enable this to disable login authentication in the web frontend. The username
 | |
| will be set to C<guest> so if you want to allow extended permissions (C<admin>
 | |
| or C<port_control>), create a dummy user with the appropriate flag in the
 | |
| database:
 | |
| 
 | |
|  netdisco=> insert into users (username) values ('guest');
 | |
|  netdisco=> update users set port_control = true where username = 'guest';
 | |
|  netdisco=> update users set admin = true where username = 'guest';
 | |
| 
 | |
| =head3 C<navbar_autocomplete>
 | |
| 
 | |
| Value: Boolean. Default: C<true>.
 | |
| 
 | |
| Set this to C<false> to disable the device autocomplete in the main navbar.
 | |
| 
 | |
| =head3 C<suggest_guest>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Enable this to display a banner suggesting to log in with a guest account.
 | |
| The username and password of this account must both be "guest".
 | |
| 
 | |
| =head3 C<trust_remote_user>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Enable this if Netdisco is running within another web server such as Apache,
 | |
| and you want that server to handle user authentication. Normally the
 | |
| authenticated username will automatically be set in the C<REMOTE_USER>
 | |
| environment variable. See L<Dancer::Deployment/Running from Apache> for
 | |
| further details.
 | |
| 
 | |
| =head3 C<trust_x_remote_user>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Enable this if you proxy requests to Netdisco via another web server such as
 | |
| Apache, and you want that server to handle user authentication. You need to
 | |
| configure the authorized username to be passed from the frontend environment
 | |
| to Netdisco in the C<X-REMOTE_USER> HTTP Header. For example with Apache:
 | |
| 
 | |
|  RequestHeader unset X-REMOTE_USER
 | |
|  RequestHeader set X-REMOTE_USER "%{REMOTE_USER}e" env=REMOTE_USER
 | |
| 
 | |
| When running securely (https), replace C<< "%{REMOTE_USER}e" >> with C<<
 | |
| "%{REMOTE_USER}s" >>.
 | |
| 
 | |
| =head3 C<validate_remote_user>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Enable this to check that remote users (usernames that come from a frontend
 | |
| proxy server) also exist in the Netdisco Users database. No password check is
 | |
| made.
 | |
| 
 | |
| This can be useful when you have web login or single sign-on on the frontend
 | |
| web server, but also want to limit to a set of known users in Netdisco. You
 | |
| can still load those users into the database in Netdisco and enable this
 | |
| setting to check any proxied access can be mapped to a known user.
 | |
| 
 | |
| =head3 C<ldap>
 | |
| 
 | |
| Value: Settings Tree. Default: None.
 | |
| 
 | |
| If set, and a user has the C<ldap> flag also set on their account, then LDAP
 | |
| authentication will be used for their login.
 | |
| 
 | |
|  ldap:
 | |
|    servers:
 | |
|      - 'ad.example.com'
 | |
|    user_string: 'MYDOMAIN\%USER%'
 | |
|    opts:
 | |
|      debug: 0
 | |
| 
 | |
| There are several options within this setting:
 | |
| 
 | |
| =head4 C<servers>
 | |
| 
 | |
| This must be a list of one or more LDAP servers. If using Active Directory
 | |
| these would be your Domain Controllers.
 | |
| 
 | |
| =head4 C<user_string>
 | |
| 
 | |
| String to construct the user portion of the DN. C<%USER%> is a variable which
 | |
| will be replaced at runtime with the logon name entered on the logon page of
 | |
| the application.
 | |
| 
 | |
| Active Directory users may simply use C<MYDOMAIN\%USER%> and skip all other
 | |
| options except C<servers>, as this notation eliminates the need to construct
 | |
| the full distinguished name.
 | |
| 
 | |
| Examples: C<cn=%USER%> or C<uid=%USER%>.
 | |
| 
 | |
| =head4 C<base>
 | |
| 
 | |
| Indicates where in the hierarchy to begin searches. If a proxy user is not
 | |
| defined and anonymous binds are not enabled this value will be appended to the
 | |
| C<user_string> to construct the distinguished name for authentication.
 | |
| 
 | |
| =head4 C<proxy_user>
 | |
| 
 | |
| User to bind with to perform searches. If defined as C<anonymous>, then
 | |
| anonymous binds will be performed and C<proxy_pass> will be ignored. For
 | |
| organizations with users in multiple OUs this option can be used to search for
 | |
| the user and construct the DN based upon the result.
 | |
| 
 | |
| =head4 C<proxy_pass>
 | |
| 
 | |
| Proxy user password. Ignored if proxy user defined as anonymous.
 | |
| 
 | |
| =head4 C<opts>
 | |
| 
 | |
| Hash of options to add to the connect string. Normally only needed if server
 | |
| does not support LDAPv3, or to enable debugging as in the example above.
 | |
| 
 | |
| =head4 C<tls_opts>
 | |
| 
 | |
| A hash which, when defined, causes the connection tol use Transport Layer
 | |
| Security (TLS) which provides an encrypted connection. TLS is the preferred
 | |
| method of encryption, ldaps (port 636) is not supported.
 | |
| 
 | |
| This is only possible if using LDAPv3 and the server supports it. These are
 | |
| the options for the TLS connection. See the L<Net::LDAP> documentation under
 | |
| start_tls for options, but the defaults should work in most cases.
 | |
| 
 | |
| =head3 C<path>
 | |
| 
 | |
| Value: String. Default: None.
 | |
| 
 | |
| Mount point for the Netdisco web frontend. This is usually the root of the web
 | |
| server. Set this to the path under which all pages live, e.g. C</netdisco2>.
 | |
| As an alternative you can use the C<--path> option to C<netdisco-web>.
 | |
| 
 | |
| =head3 C<web_plugins>
 | |
| 
 | |
| Value: List of Modules. Default: List of bundled L<App::Netdisco::Web::Plugin> names.
 | |
| 
 | |
| Netdisco's plugin system allows the user more control over the user interface.
 | |
| Plugins can be distributed independently from Netdisco and are a better
 | |
| alternative to source code patches. This setting is the list of Plugins which
 | |
| are used in the default Netdisco distribution.
 | |
| 
 | |
| You can override this to set your own list. If you only want to add to the
 | |
| default list then use C<extra_web_plugins>, which allows the Netdisco
 | |
| developers to update default C<web_plugins> in a future release.
 | |
| 
 | |
| Entries in the list will by default omit the leading
 | |
| C<App::Netdisco::Web::Plugin::> from the name. To override this for one entry,
 | |
| prefix it with a C<+> sign. You can also prefix with C<X::> to signify the
 | |
| alternate C<App::NetdiscoX::Web::Plugin::> namepsace.
 | |
| 
 | |
| =head3 C<extra_web_plugins>
 | |
| 
 | |
| Value: List of Modules. Default: Empty List.
 | |
| 
 | |
| List of additional L<App::Netdisco::Web::Plugin> names to load. See also the
 | |
| C<web_plugins> setting.
 | |
| 
 | |
| =head3 C<reports>
 | |
| 
 | |
| Value: List of Reports Hashes. Default: None.
 | |
| 
 | |
| Use this configuration to add reports to Netdisco without writing any Perl
 | |
| code or HTML templates. For example:
 | |
| 
 | |
|  reports:
 | |
|    - tag: power_inventory
 | |
|      label: 'Power Supply Inventory'
 | |
|      category: Device
 | |
|      columns:
 | |
|        - {name: 'Name'}
 | |
|        - {ps1_type: 'PS1 Type'}
 | |
|        - {ps1_status: 'PS1 Status'}
 | |
|      query: |
 | |
|        SELECT d.name, d.ps1_type, d.ps1_status
 | |
|          FROM device d
 | |
|        ORDER BY name
 | |
| 
 | |
| The C<tag> of each item in the C<reports> configuration is an alias for the
 | |
| report, and becomes part of the web path.
 | |
| 
 | |
| You can munge the data retrieved from the database by placing a Perl script
 | |
| with the same name as the C<reports> key into the "C<site_plugins>" directory
 | |
| of Netdisco's home area. The script can access C<$config> for its
 | |
| configuration and C<@data> for the retrieved data. It should return a list of
 | |
| munged data.
 | |
| 
 | |
| Within the tree you can provide each of the keys below:
 | |
| 
 | |
| =head4 C<tag>
 | |
| 
 | |
| Alias for the Report, which must be usable in a web path.
 | |
| 
 | |
| =head4 C<label>
 | |
| 
 | |
| Title for the Report.
 | |
| 
 | |
| =head4 C<columns>
 | |
| 
 | |
| List of single-key Hashes which map database column (field) name to table
 | |
| heading.
 | |
| 
 | |
| =head4 C<query>
 | |
| 
 | |
| SQL which returns the data. Make sure that the columns are named the same as
 | |
| the keys of the C<columns> or C<query_columns> configuration. Note the way the
 | |
| SQL is specified in the example above, using the pipe symbol and then
 | |
| indenting the query text.
 | |
| 
 | |
| =head4 C<category> (optional)
 | |
| 
 | |
| Section of the Reports menu where this report will appear. See
 | |
| L<WritingPlugins|App::Netdisco::Manual::WritingPlugins> for the full list.
 | |
| If not supplied, reports appear in a I<My Reports> category.
 | |
| 
 | |
| =head4 C<hidden> (optional)
 | |
| 
 | |
| Set to true to skip inclusion of this report from the Reports menu.
 | |
| 
 | |
| =head4 C<database> (optional)
 | |
| 
 | |
| The database "tag" used in C<external_databases> so that you can query another
 | |
| database (even in another database server) and display the results in a
 | |
| Netdisco report.
 | |
| 
 | |
| =head4 C<query_columns> (optional)
 | |
| 
 | |
| If supplying code to munge the data, the columns returned from your database
 | |
| C<query> may not be the same as those in the web report. Set this to a list of
 | |
| the columns in C<query>. The C<columns> setting will then be used for the web
 | |
| report.
 | |
| 
 | |
| =head4 C<bind_params> (optional)
 | |
| 
 | |
| You can use placeholders in the SQL C<query> (that is, "C<?>") to bind
 | |
| user-supplied parameters. This setting should be a list of the parameters to
 | |
| pick out of the URL query string and match to the placeholders in the same
 | |
| order. For example:
 | |
| 
 | |
|  query: |
 | |
|    SELECT ... FROM ... WHERE device = ? AND port = ?
 | |
|  bind-params: ['device', 'port']
 | |
|  
 | |
|  # then
 | |
|  http://localhost:5000/report/my_special_report?device=192.0.2.1&port=Vlan142
 | |
| 
 | |
| =head3 C<jobqueue_refresh>
 | |
| 
 | |
| Value: Integer Number. Default: 5.
 | |
| 
 | |
| Number of seconds between reloads of the Job Queue panel in the web interface.
 | |
| 
 | |
| =head3 C<safe_password_store>
 | |
| 
 | |
| Value: Boolean. Default: true.
 | |
| 
 | |
| Set to "C<false>" if you MUST maintain backwards compatibility with the Netdisco
 | |
| 1.x web interface. Strongly recommended that you leave this set to "C<true>".
 | |
| 
 | |
| =head3 C<table_pagesize>
 | |
| 
 | |
| Value: Number. Default: 10.
 | |
| 
 | |
| The default number of rows in a table page.
 | |
| 
 | |
| =head3 C<table_showrecordsmenu>
 | |
| 
 | |
| Value: Number. Default:
 | |
| 
 | |
|  table_showrecordsmenu:
 | |
|    - [10, 25, 50, 100, '-1']
 | |
|    - [10, 25, 50, 100, 'All']
 | |
| 
 | |
| The choices available to users for selecting the number of rows per page. The
 | |
| format is two lists: one of the values and one of the labels in the web
 | |
| interface. You can see in the default that a value of "C<-1>" means Show All
 | |
| Records.
 | |
| 
 | |
| =head3 C<vlanctl>
 | |
| 
 | |
| Value: Boolean. Default: C<true>.
 | |
| 
 | |
| Set to false to prevent users from changing the default VLAN on an interface.
 | |
| This setting has no effect when C<portctl_nameonly> below is set to true.
 | |
| 
 | |
| =head3 C<portctl_nameonly>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to true to limit port control action to only changing the interface name
 | |
| (description).
 | |
| 
 | |
| =head3 C<portctl_nophones>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to true to make sure an IP Phone port never can be turned off/on.
 | |
| 
 | |
| =head3 C<portctl_vlans>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to true to allow Netdisco to be able to disable VLAN trunk interfaces.
 | |
| 
 | |
| B<EXTREMELY VERY DANGEROUS>: Turning off a VLAN trunk link could take out most
 | |
| of your network.
 | |
| 
 | |
| =head3 C<portctl_uplinks>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to true to allow Netdisco to be able to disable Uplinks. (Router
 | |
| Interfaces too)
 | |
| 
 | |
| B<EXTREMELY VERY DANGEROUS>: Turning off uplinks will take out chunks of your
 | |
| network.
 | |
| 
 | |
| =head3 C<port_control_reasons>
 | |
| 
 | |
| Value: Hash of Strings. Default:
 | |
| 
 | |
|  port_control_reasons:
 | |
|    address:     'Address Allocation Abuse'
 | |
|    copyright:   'Copyright Violation'
 | |
|    dos:         'Denial of Service'
 | |
|    bandwidth:   'Excessive Bandwidth'
 | |
|    polling:     'Excessive Polling of DNS/DHCP/SNMP'
 | |
|    noserv:      'Not In Service'
 | |
|    exploit:     'Remote Exploit Possible'
 | |
|    compromised: 'System Compromised'
 | |
|    other:       'Other'
 | |
|    resolved:    'Issue Resolved'
 | |
| 
 | |
| When a user has Port Control rights and shuts down a port, they are asked for
 | |
| a reason. This configuration lists those reasons, and can be overridden to add
 | |
| or remove any entries.
 | |
| 
 | |
| =head3 C<check_userlog>
 | |
| 
 | |
| Value: Boolean. Default: C<true>.
 | |
| 
 | |
| Set to false to disable the periodic AJAX check for completed entries in the
 | |
| job queue for this user. Mainly useful for development to suppress noisy web
 | |
| frontend activity.
 | |
| 
 | |
| =head3 C<devport_vlan_limit>
 | |
| 
 | |
| Value: Number. Default: C<150>.
 | |
| 
 | |
| When showing Device Ports, Netdisco calculates first an average number of
 | |
| VLANs across all device ports. If this is above this configurable threshold,
 | |
| the VLAN Membership is I<not> shown (regardless of Display Columns setting.
 | |
| 
 | |
| =head3 C<login_logo>
 | |
| 
 | |
| Value: String. Default: none.
 | |
| 
 | |
| Set to the URL of an image file which will be displayed alongside the C<Log
 | |
| In> form.
 | |
| 
 | |
| =head2 Netdisco Core
 | |
| 
 | |
| =head3 C<mibhome>
 | |
| 
 | |
| Value: Directory. Default: C<${HOME}/netdisco-mibs>.
 | |
| 
 | |
| Base directory in which to find C<mibdirs>. This is where C<netdisco-deploy>
 | |
| will drop MIB files.
 | |
| 
 | |
| =head3 C<mibdirs>
 | |
| 
 | |
| Value: List of Directories. Default: All subdirectories of C<mibhome>.
 | |
| 
 | |
| A list of subdirectories of C<mibhome> from which to load MIB files. You
 | |
| should always include C<rfc>. For example:
 | |
| 
 | |
|  mibdirs:
 | |
|    - rfc
 | |
|    - cisco
 | |
|    - foundry
 | |
| 
 | |
| =head3 C<community>
 | |
| 
 | |
| Value: List of Strings. Default: C<public>.
 | |
| 
 | |
| A list of read-only SNMP community strings to try on each device. This is the
 | |
| simplest way to configure your SNMPv1 or SNMPv2 community strings. For
 | |
| example:
 | |
| 
 | |
|  community:
 | |
|    - public
 | |
|    - anotherstring
 | |
|    - mycommunity
 | |
| 
 | |
| Each is tried in turn when polling the device, and then the working community
 | |
| string will be cached in the database.
 | |
| 
 | |
| For fine-grained control over which communities are tried for which devices,
 | |
| or to set SNMPv3 authentication, see C<snmp_auth>, below.
 | |
| 
 | |
| =head3 C<community_rw>
 | |
| 
 | |
| Value: List of Strings. Default: C<private>.
 | |
| 
 | |
| A list of read-write SNMP community strings to try on each device. The working
 | |
| community will be cached in the database.
 | |
| 
 | |
| This is the simplest way to configure SNMPv1 or SNMPv2 community strings. Each
 | |
| is tried in turn when writing to the device, and then the working community
 | |
| string will be cached in the database.
 | |
| 
 | |
| For fine-grained control over which communities are tried for which devices,
 | |
| or to set SNMPv3 authentication, see C<snmp_auth>, below.
 | |
| 
 | |
| =head3 C<snmp_auth>
 | |
| 
 | |
| Value: List of Settings Trees. Default: Empty List.
 | |
| 
 | |
| This setting is used for SNMPv3 authentication configuration, and also
 | |
| provides an alternative fine-grained control for SNMPv1 and SNMPv2 community
 | |
| strings. You provide a list of authentication stanzas, and Netdisco will try
 | |
| each in turn, then cache the one which works for a device.
 | |
| 
 | |
| Each stanza can be restricted for use only on specific IP prefixes (subnets),
 | |
| and also limited to read (get) and/or write (set) operations. By default, a
 | |
| stanza is enabled for all device IPs, for read access only. The "tag" of a
 | |
| stanza is simply a friendly name used by Netdisco to refer to the
 | |
| configuration.
 | |
| 
 | |
|  snmp_auth:
 | |
|    - community: public
 | |
|    - community: publictwo
 | |
|    - community: mycommunity
 | |
|      write: true
 | |
|    - community: mycommunity2
 | |
|      read: false
 | |
|      write: true
 | |
|    - tag: v3example
 | |
|      user: netdisco
 | |
|      auth:
 | |
|        pass: netdiscokey
 | |
|        proto: MD5
 | |
|      priv:
 | |
|        pass: netdiscokey2
 | |
|        proto: DES
 | |
|    - tag: v3aclexample
 | |
|      user: netdisco2
 | |
|      only:
 | |
|        - 192.0.2.0/30
 | |
|        - 172.20.10.0/24
 | |
|    - tag: v2aclexample
 | |
|      community: s3kr1t
 | |
|      read: false
 | |
|      write: true
 | |
|      only:
 | |
|        - 2001:db8::/32
 | |
| 
 | |
| For SNMPv1 and SNMPv2, only the C<community> key is required.  Unlike the
 | |
| global C<community>/C<community_rw> setting, this is not a list but a single
 | |
| item. To emulate their list behaviour, have multiple entries at the top
 | |
| C<snmp_auth> level, as in the example below.
 | |
| 
 | |
| You can add C<read> and/or C<write> restrictions, and an IP restriction using
 | |
| C<only>. Giving the stanza a C<tag> name is optional, but recommended.
 | |
| 
 | |
| For SNMPv3 the C<tag> and C<user> keys are required. You can add C<read>
 | |
| and/or C<write> restrictions, and an IP restriction using C<only>. Providing
 | |
| an C<auth> section enables the authentication security level. Providing a
 | |
| C<priv> section enables the message encryption security level.
 | |
| 
 | |
| As per Net-SNMP, the default SNMPv3 authentication security method is MD5, and
 | |
| the default encryption protocol is DES, with AES or AES256 being common
 | |
| alternatives. Note that you cannot have C<priv> without C<auth>.
 | |
| 
 | |
| On some device platforms SNMPv3 contexts are used to macsuck each VLAN. For
 | |
| this you usually configure a common context prefix, with Netdisco's default
 | |
| being "C<vlan->" (i.e. C<vlan-1>, C<vlan-2>, etc). Add the C<context_prefix>
 | |
| key to a stanza to override this.
 | |
| 
 | |
| Note that multiple SNMP v2 community strings need to be in separate named
 | |
| stanza, as below. However for simple v2 configurations you can use the
 | |
| C<community> shorthand instead:
 | |
| 
 | |
|  snmp_auth:
 | |
|    - tag: 'default_v2_readonly1'
 | |
|      community: 'read1'
 | |
|    - tag: 'default_v2_readonly2'
 | |
|      community: 'read2'
 | |
|   
 | |
|  # or...
 | |
|  community: ['read1', 'read2']
 | |
| 
 | |
| Netdisco caches both the successful SNMPv2 read and write community strings,
 | |
| as well as the C<tag> names if available. This allows for faster operations
 | |
| once a connection has previously been made to a device.
 | |
| 
 | |
| =head3 C<get_community>
 | |
| 
 | |
| Value: String. Default none.
 | |
| 
 | |
| An external program to run to get the community string for a given device.
 | |
| This is useful if, for example, you have you devices already configured in
 | |
| another NMS and you want to use that information instead of configuring
 | |
| C<snmp_auth>.
 | |
| 
 | |
| The strings "C<%IP%>" and "C<%HOST%>" are replaced by the IP address and the
 | |
| hostname (or IP address if no hostname is known) of the system being
 | |
| contacted. For example:
 | |
| 
 | |
|  get_community: '/path/to/my/program %IP%'
 | |
| 
 | |
| The command must return output in the following form:
 | |
| 
 | |
|  community=<comma-separated list of readonly-communities>
 | |
|  setCommunity=<comma-separated list of write-communities>
 | |
| 
 | |
| If the community string is not known for the given system, the command should
 | |
| return no output and the community strings configured in C<snmp_auth>,
 | |
| C<community>, and C<community_rw> will be used instead.
 | |
| 
 | |
| =head3 C<bulkwalk_off>
 | |
| 
 | |
| Value: Boolean. Default C<false>.
 | |
| 
 | |
| Set to C<true> to use C<GETNEXT> instead of the standard C<BULKWALK> for every
 | |
| device. This will slow things down, but might be necessary for problem
 | |
| devices. For more fine-grained control see the C<bulkwalk_no> setting.
 | |
| 
 | |
| =head3 C<bulkwalk_no>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| IP addresses in the list will use C<GETNEXT> (and not C<BULKWALK>).  See
 | |
| L</"ACCESS CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<bulkwalk_repeaters>
 | |
| 
 | |
| Value: Number. Default: 20.
 | |
| 
 | |
| Sets the Net-SNMP C<MaxRepeaters> value, which is used on C<BULKWALK>
 | |
| operations. See L<SNMP> for more info.
 | |
| 
 | |
| =head3 C<nonincreasing>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Setting this to C<true> prevents bulkwalk of device tables with
 | |
| non-increasing OIDs throwing an error C<OID not increasing> when encountered.
 | |
| The default is to allow non-increasing OIDs during bulkwalk (which may, in
 | |
| very badly performing SNMP agents, result in a never-ending loop).  Requires
 | |
| Net-SNMP 5.3 or higher.
 | |
| 
 | |
| =head3 C<snmpver>
 | |
| 
 | |
| Value: C<1|2|3>. Default: 3.
 | |
| 
 | |
| Highest version of the SNMP protocol used when connecting to devices. Use this
 | |
| setting to disable SNMP v3 globally. Usually you don't need to configure this.
 | |
| 
 | |
| =head3 C<snmpforce_v1>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| Forces matching devices to use SNMPv1.
 | |
| 
 | |
| =head3 C<snmpforce_v2>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| Forces matching devices to use SNMPv2c.
 | |
| 
 | |
| =head3 C<snmpforce_v3>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| Forces matching devices to use SNMPv3.
 | |
| 
 | |
| =head3 C<snmptimeout>
 | |
| 
 | |
| Value: Number. Default: 1000000.
 | |
| 
 | |
| Micro-seconds before connection retry in L<SNMP::Session>. 1000000
 | |
| micro-seconds = 1 second.
 | |
| 
 | |
| =head3 C<snmpretries>
 | |
| 
 | |
| Value: Number. Default: 2.
 | |
| 
 | |
| Number of times to retry connecting to a device before giving up.
 | |
| 
 | |
| =head3 C<discover_no>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| IP addresses in the list will not be visited during device discovery.  See
 | |
| L</"ACCESS CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| 
 | |
| =head3 C<discover_only>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| If present, device discovery will be limited to IP addresses matching entries
 | |
| in this list. See L</"ACCESS CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<discover_no_type>
 | |
| 
 | |
| Value: List of Strings. Default: None.
 | |
| 
 | |
| Place regular expression patterns here to exclude the discovery of certain
 | |
| devices based on the CDP/LLDP device type information. Good for excluding a
 | |
| whole device class like lightweight access points or IP phones that have CDP
 | |
| but don't talk SNMP. For example:
 | |
| 
 | |
|  discover_no_type:
 | |
|    - 'cisco\s+AIR-LAP'
 | |
|    - '(?i)Cisco\s+IP\s+Phone'
 | |
| 
 | |
| =head3 C<discover_min_age>
 | |
| 
 | |
| Value: Number. Default: 0.
 | |
| 
 | |
| Sets the minimum amount of time in seconds which must elapse between any two
 | |
| discover jobs for a device.
 | |
| 
 | |
| =head3 C<macsuck_no>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| IP addresses in the list will not be visited for macsuck. See L</"ACCESS
 | |
| CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<macsuck_only>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| If present, macsuck will be limited to IP addresses matching entries in this
 | |
| list.  See L</"ACCESS CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<macsuck_all_vlans>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to macsuck all VLANs, not just the ones that are being used on ports.
 | |
| This is a debug option. Set this if you think that the option of not
 | |
| macsucking VLANs that aren't in use on device ports is some how interfering.
 | |
| 
 | |
| =head3 C<macsuck_no_unnamed>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to true to skip macsuck-ing on VLANs which have no name set. This option
 | |
| may be useful on Cisco Catalyst family devices where ports are a member of a
 | |
| VLAN which is not defined in the VLAN database.
 | |
| 
 | |
| =head3 C<macsuck_no_vlan>
 | |
| 
 | |
| Value: List of VLAN names or numbers. Default: fddi-default,
 | |
| token-ring-default,fddinet-default,trnet-default.
 | |
| 
 | |
| On some devices, per-VLAN macsuck will timeout with specific VLAN numbers. You
 | |
| can put those numbers (or their names) into this list to have them skipped.
 | |
| 
 | |
| =head3 C<macsuck_no_devicevlan>
 | |
| 
 | |
| Value: List of "IP:vlan-number" or "IP:vlan-name". Default: Empty List.
 | |
| 
 | |
| Similar to C<macsuck_no_vlan>, but allows specifying the device root
 | |
| (canonical) IP, in order to restrict VLAN skipping only to some devices.
 | |
| 
 | |
| =head3 C<macsuck_unsupported>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| Similar to C<macsuck_no>, but instead of skipping nodes on this device, they
 | |
| are allowed to gather on the upstream device port. Useful for devices which
 | |
| can be discovered by Netdisco but do not provide a MAC address table via SNMP.
 | |
| See L</"ACCESS CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<macsuck_unsupported_type>
 | |
| 
 | |
| Value: List of Strings. Default: None.
 | |
| 
 | |
| Place regular expression patterns here to skip macsuck of certain devices
 | |
| based on the CDP/LLDP device type information they advertise. MAC addresses
 | |
| will be allowed to gather on the upstream device port, as in the
 | |
| C<macscuk_unsupported> setting. For example:
 | |
| 
 | |
|  macsuck_unsupported_type:
 | |
|    - 'cisco\s+AIR-LAP'
 | |
|    - '(?i)Cisco\s+IP\s+Phone'
 | |
| 
 | |
| =head3 C<macsuck_bleed>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to true will let nodes accumulate on uplink ports without topology
 | |
| information. This is a debug option to help you figure out your topology and
 | |
| generally should not be set.
 | |
| 
 | |
| =head3 C<macsuck_min_age>
 | |
| 
 | |
| Value: Number. Default: 0.
 | |
| 
 | |
| Sets the minimum amount of time in seconds which must elapse between any two
 | |
| macsuck jobs for a device.
 | |
| 
 | |
| =head3 C<arpnip_no>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| IP addresses in the list will not be visited for arpnip.  See L</"ACCESS
 | |
| CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<arpnip_only>
 | |
| 
 | |
| Value: List of Network Identifiers or Device Properties. Default: Empty List.
 | |
| 
 | |
| If present, arpnip will be limited to IP addresses matching entries in this
 | |
| list.  See L</"ACCESS CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<arpnip_min_age>
 | |
| 
 | |
| Value: Number. Default: 0.
 | |
| 
 | |
| Sets the minimum amount of time in seconds which must elapse between any two
 | |
| arpnip jobs for a device.
 | |
| 
 | |
| =head3 C<nbtstat_no>
 | |
| 
 | |
| Value: List of Network Identifiers. Default: Empty List.
 | |
| 
 | |
| IP addresses in the list will not be visited for nbtstat.  See L</"ACCESS
 | |
| CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<nbtstat_only>
 | |
| 
 | |
| Value: List of Network Identifiers. Default: Empty List.
 | |
| 
 | |
| If present, nbtstat will be limited to IP addresses matching entries in this
 | |
| list.  See L</"ACCESS CONTROL LISTS"> for what you can use here.
 | |
| 
 | |
| =head3 C<nbtstat_max_age>
 | |
| 
 | |
| Value: Number. Default: 7.
 | |
| 
 | |
| The maximum age of a node in days for it to be checked for NetBIOS
 | |
| information.
 | |
| 
 | |
| =head3 C<nbtstat_interval>
 | |
| 
 | |
| Value: Number. Default: 0.02.
 | |
| 
 | |
| Interval between nbtstat requests in each poller. Defaults to 0.02 seconds,
 | |
| equating to 50 requests per second per poller.
 | |
| 
 | |
| =head3 C<nbtstat_timeout>
 | |
| 
 | |
| Value: Number. Default: 1.
 | |
| 
 | |
| Seconds nbtstat will wait for a response before time out.  Accepts fractional
 | |
| seconds as well as integers.
 | |
| 
 | |
| =head3 C<node_freshness>
 | |
| 
 | |
| Value: Number of Minutes. Default: 0
 | |
| 
 | |
| Controls the behaviour of Netdisco when a node (workstation, printer, etc) has
 | |
| disappeared from the network (device MAC address tables).
 | |
| 
 | |
| If set to 0, the default, nodes will remain on the last-seen switch port until
 | |
| "C<expire_nodes>" days have passed (when they'll be deleted if you run the
 | |
| Expire job). This is the same behaviour as Netdisco 1.
 | |
| 
 | |
| Set to a number of minutes to enforce some kind of ageing on this data. For
 | |
| example you could set to 60 to match the default macsuck schedule, meaning
 | |
| nodes are archived if they're not in the device tables at the time of polling.
 | |
| 
 | |
| =head3 C<expire_devices>
 | |
| 
 | |
| Value: Number of Days. Default: 60
 | |
| 
 | |
| Devices that have not been refreshed in this number of days will be removed.
 | |
| All nodes connected to this device will be removed as well.
 | |
| 
 | |
| =head3 C<expire_nodes>
 | |
| 
 | |
| Value: Number of Days. Default: 90
 | |
| 
 | |
| Nodes that have not been refreshed in this number of days will be removed from
 | |
| the database. Archived and non-archived nodes are removed. This includes
 | |
| SwitchPort/MAC and MAC/IP mappings.
 | |
| 
 | |
| =head3 C<expire_nodes_archive>
 | |
| 
 | |
| Value: Number of Days. Default: 60
 | |
| 
 | |
| Archived data for switch-port/MAC and MAC/IP mappings older than this number
 | |
| of days will be removed.
 | |
| 
 | |
| =head3 C<expire_jobs>
 | |
| 
 | |
| Value: Number of Days. Default: 14
 | |
| 
 | |
| Jobs which entered the job queue more than this many days ago will be removed
 | |
| from the queue during the scheduled expiry process (regardless of whether they
 | |
| were ever run).
 | |
| 
 | |
| =head3 C<dns>
 | |
| 
 | |
| Value: Settings Tree. Default:
 | |
| 
 | |
|  dns:
 | |
|    max_outstanding: 50
 | |
|    hosts_file: '/etc/hosts'
 | |
|    no: ['fe80::/64','169.254.0.0/16']
 | |
| 
 | |
| Controls the asynchronous DNS resolver used to resolve IP addresses to names
 | |
| during arpnip and discovery of device aliases.
 | |
| 
 | |
| C<max_outstanding> sets the maximum number of outstanding requests for
 | |
| asynchronous DNS resolution.  This setting overrides the
 | |
| C<PERL_ANYEVENT_MAX_OUTSTANDING_DNS> environment value and the C<AnyEvent>
 | |
| library default of 10.
 | |
| 
 | |
| Similarly, the location of the Hosts file can be overridden in this config, or
 | |
| using the C<PERL_ANYEVENT_HOSTS> environment variable.
 | |
| 
 | |
| C<no> is a list of IP addresses or CIDR ranges to excluded from DNS
 | |
| resolution.  Link local addresses are excluded by default.
 | |
| 
 | |
| =head3 C<store_wireless_clients>
 | |
| 
 | |
| Value: Boolean. Default: C<true>.
 | |
| 
 | |
| Set to false to skip the wireless client information gathering. This is
 | |
| captured at macsuck time, so if you aren't using the information you can skip
 | |
| it.
 | |
| 
 | |
| =head3 C<store_modules>
 | |
| 
 | |
| Value: Boolean. Default: C<true>.
 | |
| 
 | |
| Set to false to skip the module inventory on device discovery. On some
 | |
| platforms this can double the discovery time.
 | |
| 
 | |
| =head3 C<ignore_interfaces>
 | |
| 
 | |
| Value: List of Strings. Default:
 | |
| 
 | |
|  ignore_interfaces:
 | |
|    - 'EOBC'
 | |
|    - 'unrouted VLAN'
 | |
|    - 'StackPort'
 | |
|    - 'Control Plane Interface'
 | |
|    - 'SPAN (S|R)P Interface'
 | |
|    - 'StackSub'
 | |
|    - 'netflow'
 | |
|    - 'Vlan\d+-mpls layer'
 | |
|    - 'BRI\S+-Bearer Channel'
 | |
|    - 'BRI\S+-Physical'
 | |
|    - 'BRI\S+-Signalling'
 | |
|    - 'Embedded-Service-Engine\d+\/\d+'
 | |
|    - 'Virtual-Template\d+'
 | |
|    - 'Virtual-Access\d+'
 | |
|    - '(E|T)\d \d\/\d\/\d'
 | |
| 
 | |
| If present, device ports whose names match fully any of the items in this list
 | |
| will be ignored by the discovery process.
 | |
| 
 | |
| Note this may have side effects - connected devices and nodes on those ports
 | |
| will in turn also not be discovered.
 | |
| 
 | |
| =head3 C<ignore_private_nets>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Set to true to ignore device interfaces that are part of private nets (RFC
 | |
| 1918).
 | |
| 
 | |
| =head3 C<reverse_sysname>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Turn this on to have Netdisco do a reverse lookup of the device C<sysName.0>
 | |
| field to use as the management IP address for a device.
 | |
| 
 | |
| =head3 C<phone_capabilities>
 | |
| 
 | |
| Value: List of Strings. Default:
 | |
| 
 | |
|  phone_capabilities:
 | |
|    - '(?i:phone)'
 | |
| 
 | |
| Regular expressions to match the Capability field received within neighbor
 | |
| discovery protocols such as CDP/FDP/LLDP. Netdisco uses this to display a
 | |
| "phone" icon alongside devices or nodes in the Device Ports table.
 | |
| 
 | |
| To find the received Capabilities on an upstream device, run this command:
 | |
| 
 | |
|  ~netdisco/bin/netdisco-do show -d <IP-of-device> -e c_cap
 | |
| 
 | |
| =head3 C<phone_platforms>
 | |
| 
 | |
| Value: List of Strings. Default:
 | |
| 
 | |
|  phone_platforms:
 | |
|    - '(?i:mitel.5\d{3})'
 | |
| 
 | |
| Regular expressions to match the Platform field received within neighbor
 | |
| discovery protocols such as CDP/FDP/LLDP. Netdisco uses this to display a
 | |
| "phone" icon alongside devices or nodes in the Device Ports table.
 | |
| 
 | |
| To find the received Platforms on an upstream device, run this command:
 | |
| 
 | |
|  ~netdisco/bin/netdisco-do show -d <IP-of-device> -e c_platform
 | |
| 
 | |
| =head3 C<phone_ouis>
 | |
| 
 | |
| Value: List of Strings. Default: Empty List.
 | |
| 
 | |
| If you can't get C<phone_capabilities> or C<phone_platforms> to match, as a
 | |
| last ditch attempt you can match on the MAC address of the device (if it has
 | |
| one). This is a set of regular expressions matched against the whole MAC
 | |
| address (not only the OUI portion) in IEEE format. For example:
 | |
| 
 | |
|  phone_ouis:
 | |
|    - '^a4:0c:c3'
 | |
| 
 | |
| =head3 C<wap_capabilities>
 | |
| 
 | |
| Value: List of Strings. Default:
 | |
| 
 | |
|  wap_capabilities:
 | |
|    - 'wlanAccessPoint'
 | |
| 
 | |
| Regular expressions to match the Capability field received within neighbor
 | |
| discovery protocols such as CDP/FDP/LLDP. Netdisco uses this to display a
 | |
| "wireless signal" icon alongside devices or nodes in the Device Ports table.
 | |
| 
 | |
| To find the received Capabilities on an upstream device, run this command:
 | |
| 
 | |
|  ~netdisco/bin/netdisco-do show -d <IP-of-device> -e c_cap
 | |
| 
 | |
| =head3 C<wap_platforms>
 | |
| 
 | |
| Value: List of Strings. Default:
 | |
| 
 | |
|  wap_platforms:
 | |
|    - '(?i:\bw?ap\b)'
 | |
|    - 'cisco\s+AIR-[L|C]?AP'
 | |
|    - '-K9W8-'
 | |
| 
 | |
| Regular expressions to match the Platform field received within neighbor
 | |
| discovery protocols such as CDP/FDP/LLDP. Netdisco uses this to display a
 | |
| "wireless signal" icon alongside devices or nodes in the Device Ports table.
 | |
| 
 | |
| To find the received Platforms on an upstream device, run this command:
 | |
| 
 | |
|  ~netdisco/bin/netdisco-do show -d <IP-of-device> -e c_platform
 | |
| 
 | |
| =head3 C<wap_ouis>
 | |
| 
 | |
| Value: List of Strings. Default: Empty List.
 | |
| 
 | |
| If you can't get C<wap_capabilities> or C<wap_platforms> to match, as a last
 | |
| ditch attempt you can match on the MAC address of the device (if it has one).
 | |
| This is a set of regular expressions matched against the whole MAC address
 | |
| (not only the OUI portion) in IEEE format. For example:
 | |
| 
 | |
|  wap_ouis:
 | |
|    - '^a4:0c:c3'
 | |
| 
 | |
| =head2 Backend Daemon
 | |
| 
 | |
| =head3 C<workers>
 | |
| 
 | |
| Value: Settings Tree. Default:
 | |
| 
 | |
|  workers:
 | |
|    tasks: 'AUTO * 2'
 | |
|    sleep_time: 1
 | |
|    min_runtime: 0
 | |
| 
 | |
| Control the activity of the backend daemon with this configuration setting.
 | |
| 
 | |
| C<tasks> sets how many worker processes are started for interactive jobs (port
 | |
| control) and polling jobs (discover, macsuck, arpnip) on this node. Other
 | |
| nodes can have different settings.
 | |
| 
 | |
| "C<AUTO>" is the number of CPU cores.  Set C<tasks> to "C<0>" to disable all
 | |
| workers (which allows you to have a scheduler-only node).
 | |
| 
 | |
| C<sleep_time> is the number of seconds between polling the database to find
 | |
| new jobs. This is a balance between responsiveness and database load.
 | |
| 
 | |
| C<min_runtime> allows you to set a time that each worker will sleep before
 | |
| recycling and starting another job. Some users report this needs to be set
 | |
| to avoid a 'runaway worker' bug. It can take a fractional number of seconds.
 | |
| 
 | |
| =head3 C<schedule>
 | |
| 
 | |
| Value: Settings Tree. Default: None.
 | |
| 
 | |
| If set, then this node's backend daemon will schedule polling jobs (discover,
 | |
| macsuck, arpnip, etc) in the central database. It's fine to have multiple
 | |
| nodes scheduling work for redundancy (but make sure they all have good NTP).
 | |
| 
 | |
| Note that this is independent of the Tasks configured in C<workers>. It's
 | |
| okay to have this node schedule schedule but not do any of the polling
 | |
| itself (C<tasks: 0>).
 | |
| 
 | |
| Work can be scheduled using C<cron> style notation, or a simple weekday and
 | |
| hour fields (which accept same types as C<cron> notation). For example:
 | |
| 
 | |
|  schedule:
 | |
|    discoverall:
 | |
|      when: '0 9 * * *'
 | |
|    arpwalk:
 | |
|      when:
 | |
|        min: 30
 | |
|    macwalk:
 | |
|      when:
 | |
|        min: 15
 | |
|        hour: '*/2'
 | |
|        wday: 'mon-fri'
 | |
|    nbtwalk:
 | |
|      when: '0 8,13,21 * * *'
 | |
|    expire:
 | |
|      when: '20 23 * * *'
 | |
| 
 | |
| Note that the "C<when>" fields default to "all" (i.e. "C<*>") when not
 | |
| specified. See L<Algorithm::Cron> for further details.
 | |
| 
 | |
| =head2 Dancer Internal
 | |
| 
 | |
| =head3 C<charset>
 | |
| 
 | |
| Value: String. Default: C<UTF-8>.
 | |
| 
 | |
| See L<Dancer::Config/"charset-string">.
 | |
| 
 | |
| =head3 C<warnings>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Should warnings be considered as critical errors?
 | |
| 
 | |
| =head3 C<show_errors>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| Whether to show a stack trace when an error is caught in the web frontend.
 | |
| 
 | |
| =head3 C<logger>
 | |
| 
 | |
| Value: C<console|file>. Default: C<console>.
 | |
| 
 | |
| Destination for log messages. Should usually be C<console>, which does the
 | |
| right thing when running foreground apps, and is also captured to
 | |
| C<${HOME}/logs> when running daemonized. Only change this if you know what
 | |
| you're doing.
 | |
| 
 | |
| =head3 C<engines>
 | |
| 
 | |
| Value: Settings Tree.
 | |
| 
 | |
| Useful for overriding the Template Toolkit settings, if you want.
 | |
| 
 | |
| =head3 C<layout>
 | |
| 
 | |
| Value: String. Default: C<main>.
 | |
| 
 | |
| Don't touch this.
 | |
| 
 | |
| =head3 C<plugins>
 | |
| 
 | |
| Value: Settings Tree.
 | |
| 
 | |
| Useful for overriding the Database configuration, but only if you know what
 | |
| you're doing.
 | |
| 
 | |
| =head3 C<session>
 | |
| 
 | |
| Value: String. Default: C<cookie>.
 | |
| 
 | |
| How to handle web sessions. Default is to store in an encrypted cookie
 | |
| using a key stored in the database by C<netdisco-deploy>.
 | |
| 
 | |
| =head3 C<template>
 | |
| 
 | |
| Value: String. Default: C<template_toolkit>.
 | |
| 
 | |
| Which engine to use for templating in the web frontend. Don't touch this.
 | |
| 
 | |
| =head3 C<route_cache>
 | |
| 
 | |
| Value: Boolean. Default: C<true>.
 | |
| 
 | |
| Whether to build a route cache for web requests, for better performance.
 | |
| 
 | |
| =head3 C<appname>
 | |
| 
 | |
| Value: String. Default: C<Netdisco>.
 | |
| 
 | |
| Don't touch this.
 | |
| 
 | |
| =head3 C<behind_proxy>
 | |
| 
 | |
| Value: Boolean. Default: C<false>.
 | |
| 
 | |
| There's no need to touch this. See deployment documentation for how to proxy.
 | |
| 
 | |
| =head1 UNSUPPORTED (SO FAR)
 | |
| 
 | |
| These settings are from Netdisco 1.x but are yet to be supported in Netdisco
 | |
| 2. If you really need the feature, please let the developers know.
 | |
| 
 | |
| =over 4
 | |
| 
 | |
| =item *
 | |
| 
 | |
| C<col_xxx_show>
 | |
| 
 | |
| =item *
 | |
| 
 | |
| C<macsuck_timeout>
 | |
| 
 | |
| =item *
 | |
| 
 | |
| C<port_info>
 | |
| 
 | |
| =item *
 | |
| 
 | |
| C<portctl_timeout>
 | |
| 
 | |
| =item *
 | |
| 
 | |
| C<timeout>
 | |
| 
 | |
| =back
 | |
| 
 | |
| =cut
 |