Revision 1c9bea54
b/ChangeLog | ||
---|---|---|
3 | 3 |
Updates and enhancements. Check documentation for updating from previous versions |
4 | 4 |
- Rest Api |
5 | 5 |
|
6 |
======= |
|
7 |
1.1.1 RELEASE |
|
8 |
Minor changes release |
|
9 |
|
|
10 |
- Change license to GPLv3 |
|
11 |
- Minor documentation updates |
|
6 | 12 |
|
7 | 13 |
=========== |
8 | 14 |
1.1.0 RELEASE |
b/_version.py | ||
---|---|---|
1 |
VERSION = '1.1.0'
|
|
1 |
VERSION = '1.1.2'
|
|
2 | 2 |
|
3 | 3 |
if __name__ == "__main__": |
4 | 4 |
print VERSION |
b/doc/index.md | ||
---|---|---|
28 | 28 |
NETCONF always) to a router and then ibgp would do the rest. In GRNET’s |
29 | 29 |
case the flowspec capable device is an EX4200. |
30 | 30 |
|
31 |
> **attention** |
|
32 |
> |
|
33 |
> Make sure your FoD server has ssh access to your flowspec device. |
|
31 |
**attention** |
|
34 | 32 |
|
35 |
> **attention** |
|
36 |
> |
|
37 |
> Installation instructions assume a clean Debian Wheezy with Django 1.4 |
|
33 |
Make sure your FoD server has ssh access to your flowspec device. |
|
34 |
|
|
35 |
**attention** |
|
36 |
|
|
37 |
Installation instructions assume a clean Debian Wheezy with Django 1.4 |
|
38 | 38 |
|
39 | 39 |
Contact |
40 | 40 |
------- |
... | ... | |
100 | 100 |
Also, django rest framework package is required. In debian Wheezy it is |
101 | 101 |
not available, but one can install it via pip. |
102 | 102 |
|
103 |
> **note** |
|
104 |
> |
|
105 |
> Set username and password for mysql if used |
|
103 |
**note** |
|
106 | 104 |
|
107 |
> **note** |
|
108 |
> |
|
109 |
> If you wish to deploy an outgoing mail server, now it is time to do |
|
110 |
> it. Otherwise you could set FoD to send out mails via a third party |
|
111 |
> account |
|
105 |
Set username and password for mysql if used |
|
106 |
|
|
107 |
**note** |
|
108 |
|
|
109 |
If you wish to deploy an outgoing mail server, now it is time to do |
|
110 |
it. Otherwise you could set FoD to send out mails via a third party |
|
111 |
account |
|
112 | 112 |
|
113 | 113 |
### Create a database |
114 | 114 |
|
... | ... | |
136 | 136 |
cd nxpy |
137 | 137 |
python setup.py install |
138 | 138 |
|
139 |
- flowspy: core application. Installation is done at /srv/flowspy: |
|
140 | 139 |
|
140 |
- flowspy: core web application. Installation is done at /srv/flowspy:: |
|
141 | 141 |
cd /srv |
142 | 142 |
git clone https://code.grnet.gr/git/flowspy |
143 | 143 |
cd flowspy |
... | ... | |
210 | 210 |
not be created. As noted above, you have to create the views that the |
211 | 211 |
tables will rely on. |
212 | 212 |
|
213 |
> **note**
|
|
214 |
> |
|
215 |
> Soon we will release a version with django-registration as a means to
|
|
216 |
> add users and Shibboleth will become an alternative
|
|
213 |
**note**
|
|
214 |
|
|
215 |
Soon we will release a version with django-registration as a means to
|
|
216 |
add users and Shibboleth will become an alternative
|
|
217 | 217 |
|
218 | 218 |
Let’s move on with some copies and dir creations: |
219 | 219 |
|
... | ... | |
222 | 222 |
cp urls.py.dist urls.py |
223 | 223 |
cd .. |
224 | 224 |
|
225 |
> **note**
|
|
226 |
> |
|
227 |
> LOG\_FILE\_LOCATION in settings.py is set to **/var/log/fod**. Adjust
|
|
228 |
> the chown command above to your selected dir.
|
|
225 |
**note**
|
|
226 |
|
|
227 |
LOG\_FILE\_LOCATION in settings.py is set to **/var/log/fod**. Adjust
|
|
228 |
the chown command above to your selected dir.
|
|
229 | 229 |
|
230 | 230 |
System configuration |
231 | 231 |
==================== |
b/doc/source/conf.py | ||
---|---|---|
1 |
# -*- coding: utf-8 -*- |
|
2 |
# |
|
3 |
# fod documentation build configuration file, created by |
|
4 |
# sphinx-quickstart on Wed Oct 16 17:20:20 2013. |
|
5 |
# |
|
6 |
# This file is execfile()d with the current directory set to its containing dir. |
|
7 |
# |
|
8 |
# Note that not all possible configuration values are present in this |
|
9 |
# autogenerated file. |
|
10 |
# |
|
11 |
# All configuration values have a default; values that are commented out |
|
12 |
# serve to show the default. |
|
13 |
|
|
14 |
import sys, os |
|
15 |
|
|
16 |
# If extensions (or modules to document with autodoc) are in another directory, |
|
17 |
# add these directories to sys.path here. If the directory is relative to the |
|
18 |
# documentation root, use os.path.abspath to make it absolute, like shown here. |
|
19 |
#sys.path.append(os.path.abspath('.')) |
|
20 |
|
|
21 |
# -- General configuration ----------------------------------------------------- |
|
22 |
|
|
23 |
# Add any Sphinx extension module names here, as strings. They can be extensions |
|
24 |
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. |
|
25 |
extensions = [] |
|
26 |
|
|
27 |
# Add any paths that contain templates here, relative to this directory. |
|
28 |
templates_path = ['_templates'] |
|
29 |
|
|
30 |
# The suffix of source filenames. |
|
31 |
source_suffix = '.rst' |
|
32 |
|
|
33 |
# The encoding of source files. |
|
34 |
#source_encoding = 'utf-8' |
|
35 |
|
|
36 |
# The master toctree document. |
|
37 |
master_doc = 'index' |
|
38 |
|
|
39 |
# General information about the project. |
|
40 |
project = u'fod' |
|
41 |
copyright = u'2014, GRNET NOC, GRNET S.A' |
|
42 |
|
|
43 |
# The version info for the project you're documenting, acts as replacement for |
|
44 |
# |version| and |release|, also used in various other places throughout the |
|
45 |
# built documents. |
|
46 |
# |
|
47 |
# The short X.Y version. |
|
48 |
version = '1.1.1' |
|
49 |
# The full version, including alpha/beta/rc tags. |
|
50 |
release = '1.1.1' |
|
51 |
|
|
52 |
# The language for content autogenerated by Sphinx. Refer to documentation |
|
53 |
# for a list of supported languages. |
|
54 |
#language = None |
|
55 |
|
|
56 |
# There are two options for replacing |today|: either, you set today to some |
|
57 |
# non-false value, then it is used: |
|
58 |
#today = '' |
|
59 |
# Else, today_fmt is used as the format for a strftime call. |
|
60 |
#today_fmt = '%B %d, %Y' |
|
61 |
|
|
62 |
# List of documents that shouldn't be included in the build. |
|
63 |
#unused_docs = [] |
|
64 |
|
|
65 |
# List of directories, relative to source directory, that shouldn't be searched |
|
66 |
# for source files. |
|
67 |
exclude_trees = [] |
|
68 |
|
|
69 |
# The reST default role (used for this markup: `text`) to use for all documents. |
|
70 |
#default_role = None |
|
71 |
|
|
72 |
# If true, '()' will be appended to :func: etc. cross-reference text. |
|
73 |
#add_function_parentheses = True |
|
74 |
|
|
75 |
# If true, the current module name will be prepended to all description |
|
76 |
# unit titles (such as .. function::). |
|
77 |
#add_module_names = True |
|
78 |
|
|
79 |
# If true, sectionauthor and moduleauthor directives will be shown in the |
|
80 |
# output. They are ignored by default. |
|
81 |
#show_authors = False |
|
82 |
|
|
83 |
# The name of the Pygments (syntax highlighting) style to use. |
|
84 |
pygments_style = 'sphinx' |
|
85 |
|
|
86 |
# A list of ignored prefixes for module index sorting. |
|
87 |
#modindex_common_prefix = [] |
|
88 |
|
|
89 |
|
|
90 |
# -- Options for HTML output --------------------------------------------------- |
|
91 |
|
|
92 |
# The theme to use for HTML and HTML Help pages. Major themes that come with |
|
93 |
# Sphinx are currently 'default' and 'sphinxdoc'. |
|
94 |
html_theme = 'default' |
|
95 |
|
|
96 |
# Theme options are theme-specific and customize the look and feel of a theme |
|
97 |
# further. For a list of options available for each theme, see the |
|
98 |
# documentation. |
|
99 |
#html_theme_options = {} |
|
100 |
|
|
101 |
# Add any paths that contain custom themes here, relative to this directory. |
|
102 |
#html_theme_path = [] |
|
103 |
|
|
104 |
# The name for this set of Sphinx documents. If None, it defaults to |
|
105 |
# "<project> v<release> documentation". |
|
106 |
#html_title = None |
|
107 |
|
|
108 |
# A shorter title for the navigation bar. Default is the same as html_title. |
|
109 |
#html_short_title = None |
|
110 |
|
|
111 |
# The name of an image file (relative to this directory) to place at the top |
|
112 |
# of the sidebar. |
|
113 |
#html_logo = None |
|
114 |
|
|
115 |
# The name of an image file (within the static path) to use as favicon of the |
|
116 |
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 |
|
117 |
# pixels large. |
|
118 |
#html_favicon = None |
|
119 |
|
|
120 |
# Add any paths that contain custom static files (such as style sheets) here, |
|
121 |
# relative to this directory. They are copied after the builtin static files, |
|
122 |
# so a file named "default.css" will overwrite the builtin "default.css". |
|
123 |
#html_static_path = ['_static'] |
|
124 |
|
|
125 |
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, |
|
126 |
# using the given strftime format. |
|
127 |
#html_last_updated_fmt = '%b %d, %Y' |
|
128 |
|
|
129 |
# If true, SmartyPants will be used to convert quotes and dashes to |
|
130 |
# typographically correct entities. |
|
131 |
#html_use_smartypants = True |
|
132 |
|
|
133 |
# Custom sidebar templates, maps document names to template names. |
|
134 |
#html_sidebars = {} |
|
135 |
|
|
136 |
# Additional templates that should be rendered to pages, maps page names to |
|
137 |
# template names. |
|
138 |
#html_additional_pages = {} |
|
139 |
|
|
140 |
# If false, no module index is generated. |
|
141 |
#html_use_modindex = True |
|
142 |
|
|
143 |
# If false, no index is generated. |
|
144 |
#html_use_index = True |
|
145 |
|
|
146 |
# If true, the index is split into individual pages for each letter. |
|
147 |
#html_split_index = False |
|
148 |
|
|
149 |
# If true, links to the reST sources are added to the pages. |
|
150 |
#html_show_sourcelink = True |
|
151 |
|
|
152 |
# If true, an OpenSearch description file will be output, and all pages will |
|
153 |
# contain a <link> tag referring to it. The value of this option must be the |
|
154 |
# base URL from which the finished HTML is served. |
|
155 |
#html_use_opensearch = '' |
|
156 |
|
|
157 |
# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). |
|
158 |
#html_file_suffix = '' |
|
159 |
|
|
160 |
# Output file base name for HTML help builder. |
|
161 |
htmlhelp_basename = 'foddoc' |
|
162 |
|
|
163 |
|
|
164 |
# -- Options for LaTeX output -------------------------------------------------- |
|
165 |
|
|
166 |
# The paper size ('letter' or 'a4'). |
|
167 |
#latex_paper_size = 'letter' |
|
168 |
|
|
169 |
# The font size ('10pt', '11pt' or '12pt'). |
|
170 |
#latex_font_size = '10pt' |
|
171 |
|
|
172 |
# Grouping the document tree into LaTeX files. List of tuples |
|
173 |
# (source start file, target name, title, author, documentclass [howto/manual]). |
|
174 |
latex_documents = [ |
|
175 |
('index', 'fod.tex', u'fod Documentation', |
|
176 |
u'Leonidas Poulopoulos', 'manual'), |
|
177 |
] |
|
178 |
|
|
179 |
# The name of an image file (relative to this directory) to place at the top of |
|
180 |
# the title page. |
|
181 |
#latex_logo = None |
|
182 |
|
|
183 |
# For "manual" documents, if this is true, then toplevel headings are parts, |
|
184 |
# not chapters. |
|
185 |
#latex_use_parts = False |
|
186 |
|
|
187 |
# Additional stuff for the LaTeX preamble. |
|
188 |
#latex_preamble = '' |
|
189 |
|
|
190 |
# Documents to append as an appendix to all manuals. |
|
191 |
#latex_appendices = [] |
|
192 |
|
|
193 |
# If false, no module index is generated. |
|
194 |
#latex_use_modindex = True |
b/doc/source/index.rst | ||
---|---|---|
1 |
.. fod documentation master file, created by |
|
2 |
sphinx-quickstart on Wed Oct 16 17:20:20 2013. |
|
3 |
You can adapt this file completely to your liking, but it should at least |
|
4 |
contain the root `toctree` directive. |
|
5 |
|
|
6 |
****************** |
|
7 |
Firewall on Demand |
|
8 |
****************** |
|
9 |
|
|
10 |
Description |
|
11 |
=========== |
|
12 |
Firewall on Demand applies, via Netconf, flow rules to a network device. These rules are then propagated via e-bgp to peering routers. Each user is authenticated against shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from. |
|
13 |
FoD is meant to operate over this architecture:: |
|
14 |
|
|
15 |
+-----------+ +------------+ +------------+ |
|
16 |
| FoD | NETCONF | flowspec | ebgp | router | |
|
17 |
| web app +----------> device +--------> | |
|
18 |
+-----------+ +------+-----+ +------------+ |
|
19 |
| ebgp |
|
20 |
| |
|
21 |
+------v-----+ |
|
22 |
| router | |
|
23 |
| | |
|
24 |
+------------+ |
|
25 |
|
|
26 |
NETCONF is chosen as the mgmt protocol to apply rules to a single flowspec capable device. Rules are then propagated via igbp to all flowspec capable routers. Of course FoD could apply rules directly (via NETCONF always) to a router and then ibgp would do the rest. |
|
27 |
In GRNET's case the flowspec capable device is an EX4200. |
|
28 |
|
|
29 |
.. attention:: |
|
30 |
Make sure your FoD server has ssh access to your flowspec device. |
|
31 |
|
|
32 |
.. attention:: |
|
33 |
Installation instructions assume a clean Debian Wheezy with Django 1.4 |
|
34 |
|
|
35 |
Contact |
|
36 |
======= |
|
37 |
You can find more about FoD or raise your issues at `GRNET FoD repository <https://code.grnet.gr/projects/flowspy>`_ or `GRNET FoD Github repo <https://github.com/grnet/flowspy>`_ . |
|
38 |
|
|
39 |
You can contact us directly at grnet{at}noc[dot]grnet(.)gr |
|
40 |
|
|
41 |
Install |
|
42 |
======= |
|
43 |
|
|
44 |
.. toctree:: |
|
45 |
:maxdepth: 2 |
|
46 |
|
|
47 |
install |
|
48 |
|
|
49 |
|
Also available in: Unified diff