911 lines
26 KiB
Plaintext
911 lines
26 KiB
Plaintext
=head1 NAME
|
|
|
|
App::Netdisco::Manual::Configuration - How to Configure Netdisco
|
|
|
|
=head1 INTRODUCTION
|
|
|
|
The configuration files for Netdisco come with all options set to sensible
|
|
default values, and just a few that you must initially set yourself.
|
|
|
|
However as you use the system over time, there are many situations where you
|
|
might want to tune the behaviour of Netdisco, and for that we have a lot of
|
|
configuration settings available.
|
|
|
|
=head2 GUIDANCE
|
|
|
|
There are two configuration files: C<config.yml> (which lives inside Netdisco)
|
|
and C<deployment.yml> (which usually lives in C<${HOME}/environments>).
|
|
|
|
The C<config.yml> file includes defaults for every setting, and should be left
|
|
alone. Any time you want to set an option, use only the C<deployment.yml>
|
|
file. The two are merged when Netdisco starts, with your settings in
|
|
C<deployment.yml> overriding the defaults from C<config.yml>.
|
|
|
|
The configuration file format for Netdisco is YAML. This is easy for humans to
|
|
edit, but you should take care over whitespace and avoid TAB characters. YAML
|
|
supports several data types:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
Boolean - True/False value, using C<1> and C<0> or C<true> and C<false>
|
|
respectively
|
|
|
|
=item *
|
|
|
|
List - Set of things using C<[a, b, c]> on one line or C<-> on separate lines
|
|
|
|
=item *
|
|
|
|
Dictionary - Key/Value pairs (like Perl Hash) using C<{key1: val1, key2,
|
|
val2}> on one line or C<key: value> on separate lines
|
|
|
|
=item *
|
|
|
|
String - Quoted, just like in Perl (and essential if the item contains the
|
|
colon character)
|
|
|
|
=back
|
|
|
|
=head1 SUPPORTED SETTINGS
|
|
|
|
=head2 Essential Settings
|
|
|
|
If you followed the installation instructions, then you should have set the
|
|
database connection parameters to match those of your local system. That is,
|
|
the database C<name>, C<host>, C<user> and C<pass>.
|
|
|
|
=head2 General Settings
|
|
|
|
=head3 C<log>
|
|
|
|
Value: C<debug|warning|error>. Default: C<warning>.
|
|
|
|
The log level used by Netdisco. It's useful to see warning messages from the
|
|
backend poller, as this can highlight broken topology.
|
|
|
|
=head3 C<logger_format>
|
|
|
|
Value: Format String. Default: C<< '[%P] %L @%D> %m' >>.
|
|
|
|
Structure of the log messages. See L<Dancer::Logger::Abstract/"logger_format">
|
|
for details.
|
|
|
|
=head2 Web Frontend
|
|
|
|
=head3 C<domain_suffix>
|
|
|
|
Value: String. Default: None.
|
|
|
|
Set this to your local site's domain name. This is usually removed from node
|
|
names in the web interface to make things more readable. Make sure to include
|
|
the leading dot character.
|
|
|
|
=head3 C<no_auth>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Enable this to disable login authentication in the web frontend. The username
|
|
will be set to C<guest> so if you want to allow extended permissions (C<admin>
|
|
or C<port_control>, create a dummy user with the appropriate flag in the
|
|
database:
|
|
|
|
netdisco=> insert into users (username) values ('guest');
|
|
netdisco=> update users set port_control = true where username = 'guest';
|
|
netdisco=> update users set admin = true where username = 'guest';
|
|
|
|
=head3 C<suggest_guest>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Enable this to display a banner suggesting to log in with a guest account.
|
|
The username and password of this account must both be "guest".
|
|
|
|
=head3 C<trust_remote_user>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Enable this if Netdisco is running within another web server such as Apache,
|
|
and you want that server to handle user authentication. Normally the
|
|
authenticated username will automatically be set in the C<REMOTE_USER>
|
|
environment variable. See L<Dancer::Deployment/Running from Apache> for
|
|
further details.
|
|
|
|
=head3 C<trust_x_remote_user>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Enable this if you proxy requests to Netdisco via another web server such as
|
|
Apache, and you want that server to handle user authentication. You need to
|
|
configure the authorized username to be passed from the frontend environment
|
|
to Netdisco in the C<X-REMOTE_USER> HTTP Header. For example with Apache:
|
|
|
|
RequestHeader unset X-REMOTE_USER
|
|
RequestHeader set X-REMOTE_USER "%{REMOTE_USER}e" env=REMOTE_USER
|
|
|
|
=head3 C<ldap>
|
|
|
|
Value: Settings Tree. Default: None.
|
|
|
|
If set, and a user has the C<ldap> flag also set on their account, then LDAP
|
|
authentication will be used for their login. You I<must> install the
|
|
L<Net::LDAP> Perl module in order to use this feature. For example:
|
|
|
|
ldap:
|
|
servers:
|
|
- 'ad.example.com'
|
|
user_string: 'MYDOMAIN\%USER%'
|
|
opts:
|
|
debug: 3
|
|
|
|
There are several options within this setting:
|
|
|
|
=head4 C<servers>
|
|
|
|
This must be a list of one or more LDAP servers. If using Active Directory
|
|
these would be your Domain Controllers.
|
|
|
|
=head4 C<user_string>
|
|
|
|
String to construct the user portion of the DN. C<%USER%> is a variable which
|
|
will be replaced at runtime with the logon name entered on the logon page of
|
|
the application.
|
|
|
|
Active Directory users may simply use C<MYDOMAIN\%USER%> and skip all other
|
|
options except C<servers>, as this notation eliminates the need to construct
|
|
the full distinguished name.
|
|
|
|
Examples: C<cn=%USER%> or C<uid=%USER%>.
|
|
|
|
=head4 C<base>
|
|
|
|
Indicates where in the hierarchy to begin searches. If a proxy user is not
|
|
defined and anonymous binds are not enabled this value will be appended to the
|
|
C<user_string> to construct the distinguished name for authentication.
|
|
|
|
=head4 C<proxy_user>
|
|
|
|
User to bind with to perform searches. If defined as C<anonymous>, then
|
|
anonymous binds will be performed and C<proxy_pass> will be ignored. For
|
|
organizations with users in multiple OUs this option can be used to search for
|
|
the user and construct the DN based upon the result.
|
|
|
|
=head4 C<proxy_pass>
|
|
|
|
Proxy user password. Ignored if proxy user defined as anonymous.
|
|
|
|
=head4 C<opts>
|
|
|
|
Hash of options to add to the connect string. Normally only needed if server
|
|
does not support LDAPv3, or to enable debugging as in the example above.
|
|
|
|
=head4 C<tls_opts>
|
|
|
|
A hash which, when defined, causes the connection tol use Transport Layer
|
|
Security (TLS) which provides an encrypted connection. TLS is the preferred
|
|
method of encryption, ldaps (port 636) is not supported.
|
|
|
|
This is only possible if using LDAPv3 and the server supports it. These are
|
|
the options for the TLS connection. See the L<Net::LDAP> documentation under
|
|
start_tls for options, but the defaults should work in most cases.
|
|
|
|
=head3 C<path>
|
|
|
|
Value: String. Default: None.
|
|
|
|
Mount point for the Netdisco web frontend. This is usually the root of the web
|
|
server. Set this to the path under which all pages live, e.g. C</netdisco2>.
|
|
As an alternative you can use the C<--path> option to C<netdisco-web>.
|
|
|
|
=head3 C<web_plugins>
|
|
|
|
Value: List of Modules. Default: List of bundled L<App::Netdisco::Web::Plugin> names.
|
|
|
|
Netdisco's plugin system allows the user more control over the user interface.
|
|
Plugins can be distributed independently from Netdisco and are a better
|
|
alternative to source code patches. This setting is the list of Plugins which
|
|
are used in the default Netdisco distribution.
|
|
|
|
You can override this to set your own list. If you only want to add to the
|
|
default list then use C<extra_web_plugins>, which allows the Netdisco
|
|
developers to update default C<web_plugins> in a future release.
|
|
|
|
Entries in the list will by default omit the leading
|
|
C<App::Netdisco::Web::Plugin::> from the name. To override this for one entry,
|
|
prefix it with a C<+> sign. You can also prefix with C<X::> to signify the
|
|
alternate C<App::NetdiscoX::Web::Plugin::> namepsace.
|
|
|
|
=head3 C<extra_web_plugins>
|
|
|
|
Value: List of Modules. Default: Empty List.
|
|
|
|
List of additional L<App::Netdisco::Web::Plugin> names to load. See also the
|
|
C<web_plugins> setting.
|
|
|
|
=head2 Netdisco Core
|
|
|
|
=head3 C<mibhome>
|
|
|
|
Value: Directory. Default: C<${HOME}/netdisco-mibs>.
|
|
|
|
Base directory in which to find C<mibdirs>. This is where C<netdisco-deploy>
|
|
will drop MIB files.
|
|
|
|
=head3 C<mibdirs>
|
|
|
|
Value: List of Directories. Default: All subdirectories of C<mibhome>.
|
|
|
|
A list of subdirectories of C<mibhome> from which to load MIB files. You
|
|
should always include C<rfc>. For example:
|
|
|
|
mibdirs:
|
|
- rfc
|
|
- cisco
|
|
- foundry
|
|
|
|
=head3 C<community>
|
|
|
|
Value: List of Strings. Default: C<public>.
|
|
|
|
A list of read-only SNMP community strings to try on each device. This is the
|
|
simplest way to configure your SNMPv1 or SNMPv2 community strings. For
|
|
example:
|
|
|
|
community:
|
|
- public
|
|
- anotherstring
|
|
- mycommunity
|
|
|
|
Each is tried in turn when polling the device, and then the working community
|
|
string will be cached in the database.
|
|
|
|
For fine-grained control over which communities are tried for which devices,
|
|
or to set SNMPv3 authentication, see C<snmp_auth>, below.
|
|
|
|
=head3 C<community_rw>
|
|
|
|
Value: List of Strings. Default: C<private>.
|
|
|
|
A list of read-write SNMP community strings to try on each device. The working
|
|
community will be cached in the database.
|
|
|
|
This is the simplest way to configure SNMPv1 or SNMPv2 community strings. Each
|
|
is tried in turn when writing to the device, and then the working community
|
|
string will be cached in the database.
|
|
|
|
For fine-grained control over which communities are tried for which devices,
|
|
or to set SNMPv3 authentication, see C<snmp_auth>, below.
|
|
|
|
=head3 C<snmp_auth>
|
|
|
|
Value: List of Settings Trees. Default: Empty List.
|
|
|
|
This setting is used for SNMPv3 authentication configuration, and also
|
|
provides an alternative fine-grained control for SNMPv1 and SNMPv2 community
|
|
strings. You provide a list of authentication stanzas, and Netdisco will try
|
|
each in turn, then cache the one which works for a device.
|
|
|
|
Each stanza can be restricted for use only on specific IP prefixes (subnets),
|
|
and also limited to read (get) and/or write (set) operations. By default, a
|
|
stanza is enabled for all device IPs, for read access only. The "tag" of a
|
|
stanza is simply a friendly name used by Netdisco to refer to the
|
|
configuration.
|
|
|
|
snmp_auth:
|
|
-
|
|
community: public
|
|
-
|
|
write: true
|
|
communtiy: mycommunity
|
|
-
|
|
read: false
|
|
write: true
|
|
community: mycommunity2
|
|
-
|
|
tag: v3example
|
|
user: netdisco
|
|
auth:
|
|
pass: netdiscokey
|
|
proto: MD5
|
|
priv:
|
|
pass: netdiscokey2
|
|
proto: DES
|
|
-
|
|
tag: v3aclexample
|
|
user: netdisco2
|
|
only:
|
|
- 192.0.2.0/30
|
|
- 172.20.10.0/24
|
|
-
|
|
tag: v2aclexample
|
|
community: s3kr1t
|
|
read: false
|
|
write: true
|
|
only:
|
|
- 2001:db8::/32
|
|
|
|
|
|
For SNMPv1 and SNMPv2, only the C<community> key is required. You can add
|
|
C<read> and/or C<write> restrictions, and an IP restriction using C<only>.
|
|
Giving the stanza a C<tag> name is optional, but recommended.
|
|
|
|
For SNMPv3 the C<tag> and C<user> keys are required. You can add C<read>
|
|
and/or C<write> restrictions, and an IP restriction using C<only>. Providing
|
|
an C<auth> section enables the authentication security level. Providing a
|
|
C<priv> section enables the message encryption security level.
|
|
|
|
As per Net-SNMP, the default SNMPv3 authentication security method is MD5, and
|
|
the default encryption protocol is DES, with AES or AES256 being common
|
|
alternatives. Note that you cannot have C<priv> without C<auth>.
|
|
|
|
On some device platforms SNMPv3 contexts are used to macsuck each VLAN. For
|
|
this you usually configure a common context prefix, with Netdisco's default
|
|
being "C<vlan->" (i.e. C<vlan-1>, C<vlan-2>, etc). Add the C<context_prefix>
|
|
key to a stanza to override this.
|
|
|
|
=head3 C<get_community>
|
|
|
|
Value: String. Default none.
|
|
|
|
An external program to run to get the community string for a given device.
|
|
This is useful if, for example, you have you devices already configured in
|
|
another NMS and you want to use that information instead of configuring
|
|
C<snmp_auth>.
|
|
|
|
The strings "C<%IP%>" and "C<%HOST%>" are replaced by the IP address and the
|
|
hostname (or IP address if no hostname is known) of the system being
|
|
contacted. For example:
|
|
|
|
get_community: '/path/to/my/program %IP%'
|
|
|
|
The command must return output in the following form:
|
|
|
|
community=<comma-separated list of readonly-communities>
|
|
setCommunity=<comma-separated list of write-communities>
|
|
|
|
If the community string is not known for the given system, the command should
|
|
return no output and the community strings configured in C<snmp_auth>,
|
|
C<community>, and C<community_rw> will be used instead.
|
|
|
|
=head3 C<bulkwalk_off>
|
|
|
|
Value: Boolean. Default C<false>.
|
|
|
|
Set to C<true> to use C<GETNEXT> instead of the standard C<BULKWALK> for every
|
|
device. This will slow things down, but might be necessary for problem
|
|
devices. For more fine-grained control see the C<bulkwalk_no> setting.
|
|
|
|
=head3 C<bulkwalk_no>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
IP addresses in the list will use C<GETNEXT> (and not C<BULKWALK>). You can
|
|
include hostnames, IP addresses, subnets (IPv4 or IPv6), YAML Regexp to match
|
|
the DNS name, and address ranges (using a hyphen and no whitespace) in the
|
|
list.
|
|
|
|
Alternatively include a "C<property:regex>" entry to match the named property
|
|
of the device. The regex must match the complete value.
|
|
|
|
=head3 C<bulkwalk_repeaters>
|
|
|
|
Value: Number. Default: 20.
|
|
|
|
Sets the Net-SNMP C<MaxRepeaters> value, which is used on C<BULKWALK>
|
|
operations. See L<SNMP> for more info.
|
|
|
|
=head3 C<nonincreasing>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Setting this to C<true> will allow the bulkwalk of devices that have tables
|
|
with non-increasing OIDs. The default is to not allow this behavior, to
|
|
prevent discovery on problem devices from looping indefinitely. Requires
|
|
Net-SNMP 5.3 or higher.
|
|
|
|
=head3 C<snmpver>
|
|
|
|
Value: C<1|2|3>. Default: 3.
|
|
|
|
Highest version of the SNMP protocol used when connecting to devices. Use this
|
|
setting to disable SNMP v3 globally. Usually you don't need to configure this.
|
|
|
|
=head3 C<snmpforce_v1>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
Forces matching devices to use SNMPv1.
|
|
|
|
=head3 C<snmpforce_v2>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
Forces matching devices to use SNMPv2c.
|
|
|
|
=head3 C<snmpforce_v3>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
Forces matching devices to use SNMPv3.
|
|
|
|
=head3 C<snmptimeout>
|
|
|
|
Value: Number. Default: 1000000.
|
|
|
|
Micro-seconds before connection retry in L<SNMP::Session>. 1000000
|
|
micro-seconds = 1 second.
|
|
|
|
=head3 C<snmpretries>
|
|
|
|
Value: Number. Default: 2.
|
|
|
|
Number of times to retry connecting to a device before giving up.
|
|
|
|
=head3 C<discover_no>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
IP addresses in the list will not be visited during device discovery. You can
|
|
include hostnames, IP addresses, subnets (IPv4 or IPv6), YAML Regexp to match
|
|
the DNS name, and address ranges (using a hyphen and no whitespace) in the
|
|
list.
|
|
|
|
Alternatively include a "C<property:regex>" entry to match the named property
|
|
of the device. The regex must match the complete value.
|
|
|
|
=head3 C<discover_only>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
If present, device discovery will be limited to IP addresses matching entries
|
|
in this list. You can include hostnames, IP addresses, subnets (IPv4 and
|
|
IPv6), YAML Regexp to match the DNS name, and address ranges (using a hyphen
|
|
and no whitespace).
|
|
|
|
Alternatively include a "C<property:regex>" entry to match the named property
|
|
of the device. The regex must match the complete value.
|
|
|
|
=head3 C<discover_no_type>
|
|
|
|
Value: List of Strings. Default: None.
|
|
|
|
Place regular expression patterns here to exclude the discovery of certain
|
|
devices based on the CDP/LLDP device type information. Good for excluding a
|
|
whole device class like lightweight access points or IP phones that have CDP
|
|
but don't talk SNMP. For example:
|
|
|
|
discover_no_type:
|
|
- 'cisco\s+AIR-LAP'
|
|
- '(?i)Cisco\s+IP\s+Phone'
|
|
|
|
=head3 C<discover_min_age>
|
|
|
|
Value: Number. Default: 0.
|
|
|
|
Sets the minimum amount of time in seconds which must elapse between any two
|
|
discover jobs for a device.
|
|
|
|
=head3 C<macsuck_no>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
IP addresses in the list will not be visited for macsuck. You can include
|
|
hostnames, IP addresses, subnets (IPv4 or IPv6), YAML Regexp to match the DNS
|
|
name, and address ranges (using a hyphen and no whitespace) in the list.
|
|
|
|
Alternatively include a "C<property:regex>" entry to match the named property
|
|
of the device. The regex must match the complete value.
|
|
|
|
=head3 C<macsuck_only>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
If present, macsuck will be limited to IP addresses matching entries in this
|
|
list. You can include hostnames, IP addresses, subnets (IPv4 and IPv6), YAML
|
|
Regexp to match the DNS name, and address ranges (using a hyphen and no
|
|
whitespace).
|
|
|
|
Alternatively include a "C<property:regex>" entry to match the named property
|
|
of the device. The regex must match the complete value.
|
|
|
|
=head3 C<macsuck_all_vlans>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Set to macsuck all VLANs, not just the ones that are being used on ports.
|
|
This is a debug option. Set this if you think that the option of not
|
|
macsucking VLANs that aren't in use on device ports is some how interfering.
|
|
|
|
=head3 C<macsuck_no_unnamed>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Set to true to skip macsuck-ing on VLANs which have no name set. This option
|
|
may be useful on Cisco Catalyst family devices where ports are a member of a
|
|
VLAN which is not defined in the VLAN database.
|
|
|
|
=head3 C<macsuck_no_vlan>
|
|
|
|
Value: List of VLAN names or numbers. Default: fddi-default,
|
|
token-ring-default,fddinet-default,trnet-default.
|
|
|
|
On some devices, per-VLAN macsuck will timeout with specific VLAN numbers. You
|
|
can put those numbers (or their names) into this list to have them skipped.
|
|
|
|
=head3 C<macsucl_no_devicevlan>
|
|
|
|
Value: List of "IP:vlan-number" or "IP:vlan-name". Default: Empty List.
|
|
|
|
Similar to C<macsuck_no_vlan>, but allows specifying the device root
|
|
(canonical) IP, in order to restrict VLAN skipping only to some devices.
|
|
|
|
=head3 C<macsuck_bleed>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Set to true will let nodes accumulate on uplink ports without topology
|
|
information. This is a debug option to help you figure out your topology and
|
|
generally should not be set.
|
|
|
|
=head3 C<macsuck_min_age>
|
|
|
|
Value: Number. Default: 0.
|
|
|
|
Sets the minimum amount of time in seconds which must elapse between any two
|
|
macsuck jobs for a device.
|
|
|
|
=head3 C<arpnip_no>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
IP addresses in the list will not be visited for arpnip. You can include
|
|
hostnames, IP addresses, subnets (IPv4 or IPv6), YAML Regexp to match the DNS
|
|
name, and address ranges (using a hyphen and no whitespace) in the list.
|
|
|
|
Alternatively include a "C<property:regex>" entry to match the named property
|
|
of the device. The regex must match the complete value.
|
|
|
|
=head3 C<arpnip_only>
|
|
|
|
Value: List of Network Identifiers or Device Properties. Default: Empty List.
|
|
|
|
If present, arpnip will be limited to IP addresses matching entries in this
|
|
list. You can include hostnames, IP addresses, subnets (IPv4 and IPv6), YAML
|
|
Regexp to match the DNS name, and address ranges (using a hyphen and no
|
|
whitespace).
|
|
|
|
Alternatively include a "C<property:regex>" entry to match the named property
|
|
of the device. The regex must match the complete value.
|
|
|
|
=head3 C<arpnip_min_age>
|
|
|
|
Value: Number. Default: 0.
|
|
|
|
Sets the minimum amount of time in seconds which must elapse between any two
|
|
arpnip jobs for a device.
|
|
|
|
=head3 C<expire_devices>
|
|
|
|
Value: Number of Days.
|
|
|
|
Devices that have not been refreshed in this number of days will be removed.
|
|
All nodes connected to this device will be removed as well.
|
|
|
|
=head3 C<expire_nodes>
|
|
|
|
Value: Number of Days.
|
|
|
|
Nodes that have not been refreshed in this number of days will be removed from
|
|
the database. Archived and non-archived nodes are removed. This includes
|
|
SwitchPort/MAC and MAC/IP mappings.
|
|
|
|
=head3 C<expire_nodes_archive>
|
|
|
|
Value: Number of Days.
|
|
|
|
Archived data for switch-port/MAC and MAC/IP mappings older than this number
|
|
of days will be removed.
|
|
|
|
=head3 C<dns>
|
|
|
|
Value: Settings Tree. Default: C<max_outstanding: 250>
|
|
|
|
After arpnip, each found IP will have its DNS name resolved. Similarly on
|
|
device discovery, all interface aliases will have their IPs resolved to names.
|
|
|
|
This setting controls how many outstanding DNS queries are permitted at any
|
|
time. You can also override this setting using the
|
|
C<PERL_ANYEVENT_MAX_OUTSTANDING_DNS> environment variable.
|
|
|
|
=head3 C<store_wireless_clients>
|
|
|
|
Value: Boolean. Default: C<true>.
|
|
|
|
Set to false to skip the wireless client information gathering. This is
|
|
captured at macsuck time, so if you aren't using the information you can skip
|
|
it.
|
|
|
|
=head3 C<store_modules>
|
|
|
|
Value: Boolean. Default: C<true>.
|
|
|
|
Set to false to skip the module inventory on device discovery. On some
|
|
platforms this can double the discovery time.
|
|
|
|
=head3 C<ignore_interfaces>
|
|
|
|
Value: List of Strings. Default:
|
|
|
|
ignore_interfaces:
|
|
- 'EOBC'
|
|
- 'unrouted VLAN'
|
|
- 'StackPort'
|
|
- 'Control Plane Interface'
|
|
- 'SPAN (S|R)P Interface'
|
|
- 'StackSub'
|
|
- 'netflow'
|
|
- 'Vlan\d+-mpls layer'
|
|
- 'BRI\S+-Bearer Channel'
|
|
- 'BRI\S+-Physical'
|
|
- 'BRI\S+-Signalling'
|
|
- 'Embedded-Service-Engine\d+\/\d+'
|
|
- 'Virtual-Template\d+'
|
|
- 'Virtual-Access\d+'
|
|
- '(E|T)\d \d\/\d\/\d'
|
|
|
|
If present, device ports whose names match fully any of the items in this list
|
|
will be ignored by the discovery process.
|
|
|
|
Note this may have side effects - connected devices and nodes on those ports
|
|
will in turn also not be discovered.
|
|
|
|
=head3 C<ignore_private_nets>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Set to true to ignore device interfaces that are part of private nets (RFC
|
|
1918).
|
|
|
|
=head3 C<reverse_sysname>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Turn this on to have Netdisco do a reverse lookup of the device C<sysName.0>
|
|
field to use as the management IP address for a device.
|
|
|
|
=head3 C<vlanctl>
|
|
|
|
Value: Boolean. Default: C<true>.
|
|
|
|
Set to false to prevent Netdisco from changing the default VLAN on an
|
|
interface.
|
|
|
|
=head3 C<portctl_nophones>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Set to true to make sure an IP Phone port never can be turned off/on.
|
|
|
|
=head3 C<portctl_vlans>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Set to true to allow Netdisco to be able to disable VLAN trunk interfaces.
|
|
|
|
B<EXTREMELY VERY DANGEROUS>: Turning off a VLAN trunk link could take out most
|
|
of your network.
|
|
|
|
=head3 C<portctl_uplinks>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Set to true to allow Netdisco to be able to disable Uplinks. (Router
|
|
Interfaces too)
|
|
|
|
B<EXTREMELY VERY DANGEROUS>: Turning off uplinks will take out chunks of your
|
|
network.
|
|
|
|
=head3 C<check_userlog>
|
|
|
|
Value: Boolean. Default: C<true>.
|
|
|
|
Set to false to disable the periodic AJAX check for completed entries in the
|
|
job queue for this user. Mainly useful for development to suppress noisy web
|
|
frontend activity.
|
|
|
|
=head3 C<port_control_reasons>
|
|
|
|
Value: Hash of Strings. Default:
|
|
|
|
port_control_reasons:
|
|
address: 'Address Allocation Abuse'
|
|
copyright: 'Copyright Violation'
|
|
dos: 'Denial of Service'
|
|
bandwidth: 'Excessive Bandwidth'
|
|
polling: 'Excessive Polling of DNS/DHCP/SNMP'
|
|
noserv: 'Not In Service'
|
|
exploit: 'Remote Exploit Possible'
|
|
compromised: 'System Compromised'
|
|
other: 'Other'
|
|
resolved: 'Issue Resolved'
|
|
|
|
When a user has Port Control rights and shuts down a port, they are asked for
|
|
a reason. This configuration lists those reasons, and can be overridden to add
|
|
or remove any entries.
|
|
|
|
=head2 Backend Daemon
|
|
|
|
=head3 C<workers>
|
|
|
|
Value: Settings Tree. Default:
|
|
|
|
workers:
|
|
interactives: 2
|
|
pollers: 5
|
|
sleep_time: 2
|
|
|
|
Control the activity of the backend daemon with this configuration setting.
|
|
|
|
C<interactives> and C<pollers> sets how many workers are started for
|
|
interactive jobs (port control) and polling jobs (discover, macsuck, arpnip)
|
|
on this node, respectively. Other nodes can have different settings.
|
|
|
|
C<sleep_time> is the number of seconds between polling the database to find
|
|
new jobs. This is a balance between responsiveness and database load.
|
|
|
|
=head3 C<dns>
|
|
|
|
Value: Settings Tree. Default:
|
|
|
|
dns:
|
|
max_outstanding: 250
|
|
|
|
Sets the maximum number of outstanding requests for asynchronous DNS
|
|
resolution used during arpnip and device alias discovery.
|
|
|
|
This setting overrides the C<PERL_ANYEVENT_MAX_OUTSTANDING_DNS> environment
|
|
value and the C<AnyEvent> library default of 10.
|
|
|
|
=head3 C<housekeeping>
|
|
|
|
Value: Settings Tree. Default: None.
|
|
|
|
If set, then this node's backend daemon will schedule polling jobs (discover,
|
|
macsuck, arpnip, etc) in the central database. It's fine to have multiple
|
|
nodes scheduling work for redundancy (but make sure they all have good NTP).
|
|
|
|
Note that this is independent of the Pollers configured in C<workers>. It's
|
|
okay to have this node schedule housekeeping but not do any of the polling
|
|
itself (C<pollers: 0>).
|
|
|
|
Work can be scheduled using C<cron> style notation, or a simple weekday and
|
|
hour fields (which accept same types as C<cron> notation). For example:
|
|
|
|
housekeeping:
|
|
discoverall:
|
|
when: '0 9 * * *'
|
|
arpwalk:
|
|
when:
|
|
min: 30
|
|
macwalk:
|
|
when:
|
|
min: 15
|
|
hour: '*/2'
|
|
wday: 'mon-fri'
|
|
expiry:
|
|
when: '20 23 * * *'
|
|
|
|
Note that the "C<when>" fields default to "all" (i.e. "C<*>") when not
|
|
specified. See L<Algorithm::Cron> for further details.
|
|
|
|
=head2 Dancer Internal
|
|
|
|
=head3 C<charset>
|
|
|
|
Value: String. Default: C<UTF-8>.
|
|
|
|
See L<Dancer::Config/"charset-string">.
|
|
|
|
=head3 C<warnings>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Should warnings be considered as critical errors?
|
|
|
|
=head3 C<show_errors>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
Whether to show a stack trace when an error is caught in the web frontend.
|
|
|
|
=head3 C<logger>
|
|
|
|
Value: C<console|file>. Default: C<console>.
|
|
|
|
Destination for log messages. Should usually be C<console>, which does the
|
|
right thing when running foreground apps, and is also captured to
|
|
C<${HOME}/logs> when running daemonized. Only change this if you know what
|
|
you're doing.
|
|
|
|
=head3 C<engines>
|
|
|
|
Value: Settings Tree.
|
|
|
|
Useful for overriding the Template Toolkit settings, if you want.
|
|
|
|
=head3 C<layout>
|
|
|
|
Value: String. Default: C<main>.
|
|
|
|
Don't touch this.
|
|
|
|
=head3 C<plugins>
|
|
|
|
Value: Settings Tree.
|
|
|
|
Useful for overriding the Database configuration, but only if you know what
|
|
you're doing.
|
|
|
|
=head3 C<session>
|
|
|
|
Value: String. Default: C<YAML>.
|
|
|
|
How to handle web sessions. Default is to store on disk so they can be shared
|
|
between multiple web server processes (although it's slower).
|
|
|
|
=head3 C<template>
|
|
|
|
Value: String. Default: C<template_toolkit>.
|
|
|
|
Which engine to use for templating in the web frontend. Don't touch this.
|
|
|
|
=head3 C<route_cache>
|
|
|
|
Value: Boolean. Default: C<true>.
|
|
|
|
Whether to build a route cache for web requests, for better performance.
|
|
|
|
=head3 C<appname>
|
|
|
|
Value: String. Default: C<Netdisco>.
|
|
|
|
Don't touch this.
|
|
|
|
=head3 C<behind_proxy>
|
|
|
|
Value: Boolean. Default: C<false>.
|
|
|
|
There's no need to touch this. See deployment documentation for how to proxy.
|
|
|
|
=head1 UNSUPPORTED (SO FAR)
|
|
|
|
These settings are from Netdisco 1.x but are yet to be supported in Netdisco
|
|
2. If you really need the feature, please let the developers know.
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
C<col_xxx_show>
|
|
|
|
=item *
|
|
|
|
C<macsuck_timeout>
|
|
|
|
=item *
|
|
|
|
C<port_info>
|
|
|
|
=item *
|
|
|
|
C<portctl_timeout>
|
|
|
|
=item *
|
|
|
|
C<timeout>
|
|
|
|
=back
|
|
|
|
=cut
|