[lopsa-tech] IP management Open Source recommendations
Tim Kirby
2018-06-26 15:26:43 UTC
I have it in mind that there was a discussion on this in the past...

New $WORK had someone writing a home grown Postgres-backed web app to manage IP addresses. It was under development for a long time; $DEVELOPER is no longer employed here, $PROJECT is apparently incomplete and worthless.

mv $PROJECT /dev/null

Sigh. No discussion required on what was done previously - people have been chastised and non existent project management are embarrassed. Sad.

I just got asked for suggestions and had nothing offhand, hence consulting the hive mind; no money to buy (of course), looking for Open Source recommendations ASAP ... requirements apparently include (quote) “API and IPAM”...

Thanks

Tim
--
Tim Kirby
***@kirbys.org
--
This list provided by the League of Professional System Administrators
http://lopsa.org/
---
You received this message because you are subscribed to the Google Groups "LOPSA Tech Discussion list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tech+***@lopsa.org.
To post to this group, send email to ***@lopsa.org.
To view this discussion on the web visit https://groups.google.com/a/lopsa.org/d/msgid/tech/74FB5A90-A12C-48D9-A64C-0B28B74DA7C4%40kirbys.org.
Paul Heinlein
2018-06-26 15:58:19 UTC
Tim,
A lot depends on what your infrastructure is and whether you want the
IPPlan: http://iptrack.sourceforge.net/ (I have used this in the past)
From the IPplan home page: "...(IPAM) software and tracking tool
written in php 4..."

Oops. You might find it tough supporting PHP 4 these days.
--
Paul Heinlein
***@madboa.com
45°38' N, 122°6' W
David Veer
2018-06-26 18:58:38 UTC
We use phpIPAM at $WORK and it's pretty reasonable (again way better than the old spreadsheet method), but I'm sure there are probably better options as per everybody's recommendations already.

Cheers,
David

David J. Veer
***@me.com

On Jun 27, 2018, at 04:32 AM, Patrick Landry <***@louisiana.edu> wrote:

We use netdot here (https://github.com/cvicente/Netdot) and have been pleased. I must admit we haven't updated in a while.
It does have an API which I have used to manage Let's Encrypt DNS challenges and machine provisioning. Netdot does
produce configuration files for ISC DHCP and BIND. We use that feature (with some post processing) to run our
production DHCP and BIND servers.
--
Patrick Landry
Director, UCSS
University of Louisiana at Lafayette
***@louisiana.edu
Skylar Thompson
2018-06-27 01:39:09 UTC
Out of curiosity, what are the issues with $PROJECT? I'm asking as a
developer of a PostgreSQL-backed application that ties together IP
management, asset management, and a portion of our config management, with
a Django web front-end, and I'm hoping to avoid whatever pitfalls that
other folks have run into, both before I leave and after I leave (whenever
that happens to be).
Post by Tim Kirby
I have it in mind that there was a discussion on this in the past...
New $WORK had someone writing a home grown Postgres-backed web app to manage IP addresses. It was under development for a long time; $DEVELOPER is no longer employed here, $PROJECT is apparently incomplete and worthless.
mv $PROJECT /dev/null
Sigh. No discussion required on what was done previously - people have been chastised and non existent project management are embarrassed. Sad.
I just got asked for suggestions and had nothing offhand, hence consulting the hive mind; no money to buy (of course), looking for Open Source recommendations ASAP ... requirements apparently include (quote) “API and IPAM”...
Thanks
Tim
--
Tim Kirby
--
Skylar
John Stoffel
2018-06-27 15:42:25 UTC
Skylar> Out of curiosity, what are the issues with $PROJECT? I'm
Skylar> asking as a developer of a PostgreSQL-backed application that
Skylar> ties together IP management, asset management, and a portion
Skylar> of our config management, with a Django web front-end, and I'm
Skylar> hoping to avoid whatever pitfalls that other folks have run
Skylar> into, both before I leave and after I leave (whenever that
Skylar> happens to be).

For me, a way to do a lot of stuff from the CLI or in a scripted manner
would be ideal. Or even just a simple:

- gimme the next free IP in this subnet, which doesn't respond to a
PING test and is listed as free. Reserve it in my name.

grab-ip 192.168.100.0/24 hostname


would be awesome, double checking the passed in class, the hostname,
etc. Assume a default domain, but allow overrides.

You handle the logging that it was me, etc. What else does one of
these tools really need?

John
Skylar Thompson
2018-06-28 01:58:49 UTC
Post by John Stoffel
Skylar> Out of curiosity, what are the issues with $PROJECT? I'm
Skylar> asking as a developer of a PostgreSQL-backed application that
Skylar> ties together IP management, asset management, and a portion
Skylar> of our config management, with a Django web front-end, and I'm
Skylar> hoping to avoid whatever pitfalls that other folks have run
Skylar> into, both before I leave and after I leave (whenever that
Skylar> happens to be).
For me, a way to do a lot of stuff from the CLI or in a scripted manner
- gimme the next free IP in this subnet, which doesn't respond to a
PING test and is listed as free. Reserve it in my name.
grab-ip 192.168.100.0/24 hostname
would be awesome, double checking the passed in class, the hostname,
etc. Assume a default domain, but allow overrides.
You handle the logging that it was me, etc. What else does one of
these tools really need?
The tool I've written makes heavy use of database stored procedures, which
doesn't provide a REST API but does provide an API that's easy to call from
the command line, and is the same mechanism that the web front-end uses. If
I had been thinking ahead, I probably should have done something REST-like
but there's always future releases...

As far as logging, every record in the database has some hidden
metadata (who created it, when, effective time range of the record). Some
trigger magic hides records by changing their effective time range, and
inserts new records for updates. This means we don't need any separate
auditing mechanism (though I could provide one) since the old data never
goes away. Eventually we would need to consider throwing out old data but
things change so slowly in our network world that it'll be a long time
before it's an issue (I hope).
--
Skylar
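The append-only record versioning described in the message above, as an added example that is not Skylar's code: a trigger on a "current records" view closes the old row's effective range and inserts a new row, so the table itself is the audit trail. SQLite stands in for PostgreSQL so it runs offline; the table, view, column and function names and the sample data are hypothetical.

```python
import sqlite3

# Constructed schema; table, view and column names are hypothetical.
SCHEMA = """
CREATE TABLE ip_record (
    ip         TEXT NOT NULL,
    hostname   TEXT NOT NULL,
    created_by TEXT NOT NULL,
    valid_from INTEGER NOT NULL,   -- logical clock tick
    valid_to   INTEGER             -- NULL = record currently in effect
);
CREATE TABLE clock (tick INTEGER NOT NULL);
INSERT INTO clock VALUES (0);
CREATE VIEW ip_current AS
    SELECT ip, hostname, created_by FROM ip_record WHERE valid_to IS NULL;
CREATE TRIGGER ip_current_update INSTEAD OF UPDATE ON ip_current
BEGIN
    UPDATE clock SET tick = tick + 1;
    UPDATE ip_record SET valid_to = (SELECT tick FROM clock)
     WHERE ip = OLD.ip AND valid_to IS NULL;
    INSERT INTO ip_record
    VALUES (NEW.ip, NEW.hostname, NEW.created_by,
            (SELECT tick FROM clock), NULL);
END;
"""

def open_ipam():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def current(db):
    """Rows a normal user of the tool sees: only records still in effect."""
    return db.execute("SELECT ip, hostname, created_by FROM ip_current").fetchall()

def history(db, ip):
    """Every version of a record, oldest first; nothing is ever overwritten."""
    return db.execute(
        "SELECT hostname, created_by, valid_from, valid_to FROM ip_record "
        "WHERE ip = ? ORDER BY valid_from", (ip,)).fetchall()

def demo():
    db = open_ipam()
    db.execute("INSERT INTO ip_record VALUES ('192.0.2.10', 'web1', 'alice', 0, NULL)")
    # An ordinary-looking UPDATE against the view; the trigger versions it.
    db.execute("UPDATE ip_current SET hostname = 'web2', created_by = 'bob' "
               "WHERE ip = '192.0.2.10'")
    return db
```
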
Skylar Thompson
2018-06-28 02:03:36 UTC
Post by John Stoffel
For me, a way to do a lot of stuff from the CLI or in a scripted manner
- gimme the next free IP in this subnet, which doesn't respond to a
PING test and is listed as free. Reserve it in my name.
grab-ip 192.168.100.0/24 hostname
That approach would have so many problems in practice with race
conditions, host-level packet filtering, and hosts happening to be down
at the time someone was trying to get a reservation. The problem
domain is a lot more complicated than that. What you want there is
DHCP, which may not be perfect but at least tries to handle some of
those issues.
Our systems/network database is our source of truth, so by policy there
aren't any IP addresses that aren't tracked in the database. I have a
stored procedure that returns the next free IP address in a given range
(where that range is chosen based on physical location and border firewall
policy). When the network record table is locked for writes, that procedure
is guaranteed to give an IP address that won't be allocated for any other
use. It's actually the only place where I've needed a table lock, and it
wouldn't be necessary if I wanted to implement transaction-retry logic at
the application level.

The network information in the database feeds into our DHCP and DNS
servers. Once a minute, they run a cron job that generates new
configuration files in a temporary location, validates them, and then loads
them if they pass validation. If they fail validation, then we get a Nagios
alert, and they continue running with their old configuration.
--
Skylar
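A sketch of the "next free IP" allocation discussed in this thread, as an added example that is not the stored procedure from the post: the database is the source of truth (no ping test), and the lookup and the reservation happen under one write lock so two callers cannot be handed the same address. SQLite's `BEGIN IMMEDIATE` stands in for the PostgreSQL table lock; the `allocation` table and the function names are hypothetical, and the name `grab_ip` is borrowed from the `grab-ip` command suggested earlier in the thread.

```python
import ipaddress
import sqlite3

def open_db(path=":memory:"):
    # isolation_level=None: transactions are started and ended explicitly.
    db = sqlite3.connect(path, isolation_level=None)
    db.execute("CREATE TABLE IF NOT EXISTS allocation ("
               "ip TEXT PRIMARY KEY, hostname TEXT NOT NULL, owner TEXT NOT NULL)")
    return db

def grab_ip(db, cidr, hostname, owner):
    """Reserve the lowest untracked host address in cidr; None if it is full."""
    # strict=True rejects a CIDR with host bits set, e.g. 192.168.100.5/24.
    net = ipaddress.ip_network(cidr, strict=True)
    # Take the write lock *before* reading, so no other writer can claim
    # an address between the lookup and the insert.
    db.execute("BEGIN IMMEDIATE")
    try:
        used = {row[0] for row in db.execute("SELECT ip FROM allocation")}
        chosen = None
        for host in net.hosts():          # skips network/broadcast addresses
            if str(host) not in used:
                chosen = str(host)
                # Record who reserved it in the same transaction.
                db.execute("INSERT INTO allocation VALUES (?, ?, ?)",
                           (chosen, hostname, owner))
                break
        db.execute("COMMIT")
        return chosen
    except Exception:
        db.execute("ROLLBACK")
        raise
```

The PRIMARY KEY on `ip` is a second line of defence: even if a caller bypassed the lock, a duplicate reservation would fail instead of silently succeeding.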