decrease direct use of $_REQUEST and $sic, pt. 5
[racktables] / README.md
CommitLineData
2797f2c7
DO
1# Welcome!
2Thank you for selecting RackTables as your datacenter management solution!
3If you are looking for documentation or wish to send feedback, please
4look for the respective links at [project's web-site](http://racktables.org).
5
fde823aa
DO
6# How to install RackTables
7
8## 1. Prepare the server
9
10RackTables uses a web-server with PHP (5.2.10 or newer) for front-end and a
11MySQL/MariaDB server version 5 for back-end. The most commonly used web-server
12for RackTables is Apache httpd.
13
14### 1.1. Install MySQL server
15
16| Distribution | How to do |
17| ------------------ | ----------------------------------------------------------------------- |
18| ALTLinux 4.0 | `apt-get install MySQL-server` |
19| CentOS 5 | `yum install mysql-server mysql` |
20| Debian 6 | `aptitude install mysql-server-5.1` |
21| Debian 7 | `aptitude install mysql-server-5.1` |
22| Fedora 8-16 | `yum install mysql-server mysql` |
23| Fedora 23 | `dnf install mariadb-server mariadb` |
24| openSUSE 11.0 | YaST -> Software -> software management -> Web and LAMP server -> mysql |
38fd042d 25| openSUSE 42.1 | `zypper install mysql-community-server` |
fde823aa
DO
26| Scientific Linux 6 | `yum install mysql-server mysql` |
27| Ubuntu 14.04 | `apt-get install mysql-server` |
28
29### 1.2. Enable Unicode in the MySQL server
30
31| Distribution | How to do |
32| ------------------ | ------------------------------------------------------------------------------------------------------------------ |
33| ALTLinux 4.0 | add `CHSET=utf8` line to `/etc/sysconfig/mysqld` file and restart mysqld |
34| CentOS 5 | add `character-set-server=utf8` line to `[mysqld]` section of `/etc/my.cnf` file and restart mysqld |
35| Debian 6 | add `character-set-server=utf8` line to `[mysqld]` section of `/etc/mysql/my.cnf` file and restart mysqld |
36| Debian 7 | add `character-set-server=utf8` line to `[mysqld]` section of `/etc/mysql/my.cnf` file and restart mysqld |
37| Fedora 8-16 | add `character-set-server=utf8` line to `[mysqld]` section of `/etc/my.cnf` file and restart mysqld |
38| Fedora 23 | ```printf "[mysqld]\ncharacter-set-server=utf8\n" > /etc/my.cnf.d/mysqld-charset.cnf; systemctl restart mariadb``` |
39| openSUSE 11.0 | add `default-character-set=utf8` line to `[mysql]` section of `/etc/my.cnf` file and restart mysqld |
38fd042d 40| openSUSE 42.1 | No action required, comes configured for UTF-8 by default. |
fde823aa
DO
41| Scientific Linux 6 | add `character-set-server=utf8` line to `[mysqld]` section of `/etc/my.cnf` file and restart mysqld |
42| Ubuntu 14.04 | ```printf "[mysqld]\ncharacter-set-server=utf8\n" > /etc/mysql/conf.d/charset.cnf; service mysql restart``` |
43
44### 1.3. Install PHP and Apache httpd (or nginx)
45
46| Distribution | How to do |
47| ------------------ | ------------------------------------------------------------------------------------ |
48| Fedora 8-16 | `yum install httpd php php-mysql php-pdo php-gd php-snmp php-mbstring php-bcmath` |
49| Fedora 23 | `dnf install httpd php php-mysql php-pdo php-gd php-snmp php-mbstring php-bcmath` |
50| Debian 6 | `aptitude install libapache2-mod-php5 php5-gd php5-mysql php5-snmp` |
51| Debian 7 (nginx) | `aptitude install nginx php5-fpm` **(see note below)** |
52| Ubuntu 14.04 | `apt-get install apache2-bin libapache2-mod-php5 php5-gd php5-mysql php5-snmp` |
53| ALTLinux 4.0 | `apt-get install apache2-httpd-prefork php5-gd2 php5-pdo_mysql php5-pdo apache2-mod_php5 php5-mbstring`
54| openSUSE 11.0 | use YaST to install apache2-mod_php5, php5-gd, php5-mbstring, php5-mysql, php5-bcmath, php5-snmp and php5-ldap
38fd042d 55| openSUSE 42.1 | `zypper install apache2-mod_php5 php5-gd php5-mbstring php5-mysql php5-bcmath` |
fde823aa
DO
56| Scientific Linux 6 | `yum install httpd php php-mysql php-pdo php-gd php-mbstring php-bcmath` |
57| CentOS 5 | `yum install httpd php53 php53-mysql php53-pdo php53-gd php53-mbstring php53-bcmath` |
58| FreeBSD 8 | see note below |
59
60#### 1.3.a. Debian 7 with nginx
2797f2c7
DO
61Remember to adjust `server_name` in `server {}` section, otherwise your logout link
62will point to localhost (and thus fail).
63Notice, that fpm.sock is advised, keep the rest on default configuration, or
64tweak to your needs. You may need to set `fastcgi_read_timeout 600;` if you use
65some external addons like fping, which may take some time in certain situations.
66Please note that setting aggresive caching for php scripts may result in stale
67content - so maximum of 60 seconds is advised, but by default it is not enabled.
68
fde823aa 69#### 1.3.b. FreeBSD 8
2797f2c7
DO
70```
71# make -C /usr/ports/www/apache13-modssl install
72# make -C /usr/ports/www/php5-session install
73[X] CLI Build CLI version
74[X] APACHE Build Apache module
75[X] MULTIBYTE Enable zend multibyte support
76# make -C /usr/ports/graphics/php5-gd install
77# make -C /usr/ports/databases/php5-pdo_mysql install
78# make -C /usr/ports/devel/pcre install
79!!! Enable UTF-8 support ............ : yes
80!!! Unicode properties .............. : yes
81# make -C /usr/ports/devel/php5-pcre install
82# make -C /usr/ports/converters/php5-mbstring install
83[X] REGEX Enable multibyte regex support
84
85# make -C /usr/ports/net-mgmt/php5-snmp install
86# make -C /usr/ports/net/php5-ldap install
87```
88
fde823aa 89## 2. Copy the files
2797f2c7
DO
90Unpack the tar.gz/zip archive to a directory of your choice and configure Apache
91httpd to use `wwwroot` subdirectory as a new DocumentRoot. Alternatively,
92symlinks to `wwwroot` or even to `index.php` from an existing DocumentRoot are
93also possible and often adisable (see `README.Fedora`).
94
fde823aa 95## 3. Run the installer
2797f2c7
DO
96Open the configured RackTables URL and you will be prompted to configure
97and initialize the application.
98
8c5b4ba3
DO
99| Distribution | Apache httpd UID:GID | MySQL UNIX socket path |
100| --------------- | ----------------------- | -------------------------------- |
101| Fedora 23 | `apache:apache` | `/var/lib/mysql/mysql.sock` |
38fd042d 102| openSUSE 42.1 | `wwwrun:www` | `/var/run/mysql/mysql.sock` |
8c5b4ba3
DO
103| Ubuntu 14.04 | `www-data:www-data` | `/var/run/mysqld/mysqld.sock` |
104
fde823aa 105# How to upgrade RackTables
2797f2c7
DO
106
1070. **Backup your database** and check the release notes below before actually
108 starting the upgrade.
1091. Remove all existing files except configuration (the `inc/secret.php` file)
110 and local plugins (in the `plugins/` directory).
1112. Put the contents of the new tar.gz/zip archive into the place.
1123. Open the RackTables page in a browser. The software will detect version
113 mismatch and display a message telling to log in as admin to finish
114 the upgrade.
1154. Do that and report any errors to the bug tracker or the mailing list.
116
117## Release notes
118
c5c39ee5
AA
119### Upgrading to 0.20.11
120
d40d136a 121New `IPV4_TREE_SHOW_UNALLOCATED` configuration option introduced to disable
c5c39ee5 122dsplaying unallocated networks in IPv4 space tree. Setting it also disables
e1e193fe 123the "knight" feature.
c5c39ee5 124
2797f2c7
DO
125### Upgrading to 0.20.7
126
127From now on the minimum (oldest) release of PHP that can run RackTables is
1285.2.10. In particular, to continue running RackTables on CentOS 5 it is
129necessary to replace its php* RPM packages with respective php53* packages
130before the upgrade (except the JSON package, which PHP 5.3 provides internally).
131
132Database triggers are used for some data consistency measures. The database
133user account must have the 'TRIGGER' privilege, which was introduced in
134MySQL 5.1.7.
135
136The `IPV4OBJ_LISTSRC` configuration option is reset to an expression which enables
137the IP addressing feature for all object types except those listed.
138
139Tags could now be assigned on the Edit/Properties tab using a text input with
140auto-completion. Type a star '*' to view full tag tree in auto-complete menu.
141It is worth to add the following line to the permissions script if the
142old-fashioned 'Tags' tab is not needed any more:
143```
144 deny {$tab_tags} # this hides 'Tags' tab
145```
146
147This release converts collation of all DB fields to the `utf8_unicode_ci`. This
148procedure may take some time, and could fail if there are rows that differ only
149by letter case. If this happen, you'll see the failed SQL query in upgrade report
150with the "Duplicate entry" error message. Feel free to continue using your
151installation. If desired so, you could eliminate the case-duplicating rows
152and re-apply the failed query.
153
154### Upgrading to 0.20.6
155
156New `MGMT_PROTOS` configuration option replaces the `TELNET_OBJS_LISTSRC`,
157`SSH_OBJS_LISTSRC` and `RDP_OBJS_LISTSRC` options (converting existing settings as
158necessary). `MGMT_PROTOS` allows to specify any management protocol for a
159particular device list using a RackCode filter. The default value
160(`ssh: {$typeid_4}, telnet: {$typeid_8}`) produces `ssh://server.fqdn` for
161servers and `telnet://switch.fqdn` for network switches.
162
163### Upgrading to 0.20.5
164
165This release introduces the VS groups feature. VS groups is a new way to store
166and display virtual services configuration. There is a new "ipvs" (VS group)
167realm. All previously existing VS configuration remains functional and user
168is free to convert it to the new format, which displays it in a more natural way
169and allows to generate virtual_server_group keepalived configs. To convert a
170virtual service to the new format, it is necessary to manually create a VS group
171object and assign IP addresses to it. The VS group will display a "Migrate" tab
172to convert the old-style VS objects, which can be removed after a successful
173conversion.
174
175The old-style VS configuration becomes **deprecated**. Its support will be removed
176in a future major release. So it is strongly recommended to convert it to the
177new format.
178
179### Upgrading to 0.20.4
180
181Please note that some dictionary items of Cisco Catalyst 2960 series switches
182were renamed to meet official Cisco classification:
183
184old name | new name
185------------|---------
1862960-48TT | 2960-48TT-L
1872960-24TC | 2960-24TC-L
1882960-24TT | 2960-24TT-L
1892960-8TC | 2960-8TC-L
1902960G-48TC | 2960G-48TC-L
1912960G-24TC | 2960G-24TC-L
1922960G-8TC | 2960G-8TC-L
193C2960-24 | C2960-24-S
194C2960G-24PC | C2960-24PC-L
195
196The `DATETIME_FORMAT` configuration option used in setting date and time output
197format now uses a [different](http://php.net/manual/en/function.strftime.php)
198syntax. During upgrade the option is reset to
199the default value, which is now %Y-%m-%d (YYYY-MM-DD) per ISO 8601.
200
201This release intoduces two new configuration options:
202`REVERSED_RACKS_LISTSRC` and `NEAREST_RACKS_CHECKBOX`.
203
204### Upgrading to 0.20.1
205
206The 0.20.0 release includes bug which breaks IP networks' capacity displaying on
20732-bit architecture machines. To fix this, this release makes use of PHP's BC
208Math module. It is a new reqiurement. Most PHP distributions have this module
209already enabled, but if yours does not - you need yo recompile PHP.
210
211Security context of 'ipaddress' page now includes tags from the network
212containing an IP address. This means that you should audit your permission rules
213to check there is no unintended allows of changing IPs based on network's
214tagset. Example:
215```
216 allow {client network} and {New York}
217```
218This rule now not only allows any operation on NY client networks, but also any
219operation with IP addresses included in those networks. To fix this, you should
220change the rule this way:
221```
222 allow {client network} and {New York} and not {$page_ipaddress}
223```
224
225### Upgrading to 0.20.0
226
227WARNING: This release have too many internal changes, some of them were waiting
228more than a year to be released. So this release is considered "BETA" and is
229recommended only to curiuos users, who agree to sacrifice the stability to the
230progress.
231
232Racks and Rows are now stored in the database as Objects. The RackObject table
233was renamed to Object. SQL views were created to ease the migration of custom
234reports and scripts.
235
236New plugins engine instead of `local.php` file. To make your own code stored in
237`local.php` work, you must move the `local.php` file into the `plugins/` directory.
238The name of this file does not matter any more. You also can store multiple
239files in that dir, separate your plugins by features, share them and try the
240plugins from other people just placing them into `plugins/` dir, no more merging.
241
242* `$path_to_local_php` variable has no special meaning any more.
243* `$racktables_confdir` variable is now used only to search for `secret.php` file.
244* `$racktables_plugins_dir` is a new overridable special variable pointing to `plugins/` directory.
245
246Beginning with this version it is possible to delete IP prefixes, VLANs, Virtual
247services and RS pools from within theirs properties tab. So please inspect your
248permissions rules to assure there are no undesired allows for deletion of these
249objects. To ensure this, you could try this code in the beginning of permissions
250script:
251```
252allow {userid_1} and {$op_del}
253deny {$op_del} and ({$tab_edit} or {$tab_properties})
254```
255
256Hardware gateways engine was rewritten in this version of RackTables. This means
257that the file `gateways/deviceconfig/switch.secrets.php` is not used any more. To
258get information about configuring connection properties and credentials in a new
259way please read [this](http://wiki.racktables.org/index.php/Gateways).
260
261This also means that recently added features based on old API (D-Link switches
262and Linux gateway support contributed by Ilya Evseev) are not working any more
263and waiting to be forward-ported to new gateways API. Sorry for that.
264
265Two new config variables appeared in this version:
266 - `SEARCH_DOMAINS`. Comma-separated list of DNS domains which are considered
267 "base" for your network. If RackTables search engine finds multiple objects
268 based on your search input, but there is only one which FQDN consists of
269 your input and one of these search domains, you will be redirected to this
270 object and other results will be discarded. Such behavior was unconditional
271 since 0.19.3, which caused many objections from users. So welcome this
272 config var.
273 - `QUICK_LINK_PAGES`. Comma-separated list of RackTables pages to display links
274 to them on top. Each user could have his own list.
275
276Also some of config variables have changed their default values in this version.
277This means that upgrade script will change their values if you have them in
278previous default state. This could be inconvenient, but it is the most effective
279way to encourage users to use new features. If this behavior is not what you
280want, simply revert these variables' values:
281
282variable | old | new | comment
283------------------------|-------------|-------|--------
284`SHOW_LAST_TAB` | no | yes
285`IPV4_TREE_SHOW_USAGE` | yes | no | Networks' usage is still available by click.
286`IPV4LB_LISTSRC` | {$typeid_4} | false
287`FILTER_DEFAULT_ANDOR` | or | and | This implicitly enables the feature of dynamic tree shrinking.
288`FILTER_SUGGEST_EXTRA` | no | yes | Yes, we have extra logical filters!
289`IPV4_TREE_RTR_AS_CELL` | yes | no | Display routers as simple text, not cell.
290
291Also please note that variable `IPV4_TREE_RTR_AS_CELL` now has third special value
292besides 'yes' and 'no': 'none'. Use 'none' value if you are experiencing low
293performance on IP tree page. It will completely disable IP ranges scan for
294used/spare IPs and the speed of IP tree will increase radically. The price is
295you will not see the routers in IP tree at all.
296
297### Upgrading to 0.19.13
298A new "date" attribute type has been added. Existing date based fields ("HW
299warranty expiration", "support contract expiration" and "SW warranty
300expiration") will be converted to this new type but must be in the format
301"mm/dd/yyyy" otherwise the conversion will fail.
302
303### Upgrading to 0.19.2
304
305This release is different in filesystem layout. The "gateways" directory has
306been moved from `wwwroot` directory. This improves security a bit. You can also
307separate your local settings and add-ons from the core RackTables code. To do
308that, put a single `index.php` file into the DocumentRoot of your http server:
309
310```php
311<?php
312$racktables_confdir='/directory/with/secret.php/and/local.php/';
313require '/directory_where_you_extracted_racktables_distro/wwwroot/index.php';
314?>
315```
316
317No more files are needed to be available directly over the HTTP. Full list of
318filesystem paths which could be specified in custom `index.php` or `secret.php`:
319* `$racktables_gwdir`: path to the gateways directory;
320* `$racktables_staticdir`: path to the directory containing `pix`, `js`, `css` directories;
321* `$racktables_confdir`: path where secret.php and local.php are located. It is not recommended to define it in `secret.php`, cause only the path to `local.php` will be affected;
322* `$path_to_secret_php`: Ignore `$racktables_confdir` when locating `secret.php` and use the specified path;
323* `$path_to_local_php`: idem for `local.php`.
324
325### Upgrading to 0.19.0
326
327The files, which are intended for the httpd (web-server) directory, are now in
328the `wwwroot` directory of the tar.gz archive. Files outside of that directory
329are not directly intended for httpd environment and should not be copied to the
330server.
331
332This release incorporates ObjectLog functionality, which used to be available as
333a separate plugin. For the best results it is advised to disable (through
334`local.php`) external ObjectLog plugin permanently before the new version is
335installed. All previously accumulated ObjectLog records will be available
336through the updated standard interface.
337
338RackTables is now using PHP JSON extension which is included in the PHP core
339since 5.2.0.
340
341The barcode attribute was removed. The upgrade script attempts to preserve the
342data by moving it to either the 'OEM S/N 1' attribute or to a Log entry. You
343should backup your database beforehand anyway.
344
345### Upgrading to 0.18.x
346
347RackTables from its version 0.18.0 and later is not compatible with RHEL/CentOS
348(at least with versions up to 5.5) Linux distributions in their default
349installation. There are yet options to work around that:
350
3511. Install RackTables on a server with a different distribution/OS.
3522. Request Linux distribution vendor to fix the bug with PCRE.
3533. Repair your RHEL/CentOS installation yourself by fixing its PCRE
354 RPM as explained [here](http://bugs.centos.org/view.php?id=3252)