IP addresses inherit tags from their parent networks (#375)
[racktables] / README
1 Thank you for selecting RackTables as your datacenter management solution!
2 If you are looking for documentation or wish to send feedback, please
3 look for the respective links at project's web-site (racktables.org).
4
5 *******************************************************
6 * *
7 * INSTALLING RACKTABLES *
8 * *
9 *******************************************************
10
11 *** I. SERVER ***
12
13 RackTables requires a MySQL server version 5.x built with InnoDB and
14 Unicode support and configured appropriately. It also requires an Apache
15 httpd with PHP 5 module and several PHP extensions. Below is a list of
16 known-good distributions with respective setup notes.
17
18 *** Fedora 8-16
19 * MySQL: yum install mysql-server mysql
20 * Apache/PHP: yum install httpd php php-mysql php-pdo php-gd php-snmp php-mbstring
21 * To enable Unicode, add "character-set-server=utf8" line to "[mysqld]"
22 section of "/etc/my.cnf" file and restart mysqld.
23
24 *** Debian 6
25 * MySQL: aptitude install mysql-server-5.1
26 * Apache/PHP: aptitude install libapache2-mod-php5 php5-gd php5-mysql php5-snmp
27 * To enable Unicode, add "character-set-server=utf8" line to "[mysqld]"
28 section of "/etc/mysql/my.cnf" file and restart mysqld.
29
30 *** ALTLinux 4.0
31 * MySQL: apt-get install MySQL-server
32 * Apache/PHP: apt-get install apache2-httpd-prefork php5-gd2 \
33 php5-pdo_mysql php5-pdo apache2-mod_php5 php5-mbstring
34 * To enable Unicode, add "CHSET=utf8" line to "/etc/sysconfig/mysqld" file
35 and restart mysqld.
36
37 *** openSUSE 11.0
38 * MySQL: YaST -> Software -> software management -> Web and LAMP server -> mysql
39 * Apache/PHP: use YaST to install apache2-mod_php5, php5-gd, php5-mbstring,
40 php5-mysql, php5-snmp and php5-ldap
41 * To enable Unicode, add "default-character-set=utf8" line to "[mysql]"
42 section of "/etc/my.cnf" file and restart mysqld.
43
44 *** Scientific Linux 6
45 * MySQL: yum install mysql-server mysql
46 * Apache/PHP: httpd php php-mysql php-pdo php-gd php-mbstring
47 * To enable Unicode, add "character-set-server=utf8" line to "[mysqld]"
48 section of "/etc/my.cnf" file and restart mysqld.
49
50 *** FreeBSD 8
51 * Apache/PHP:
52 # make -C /usr/ports/www/apache13-modssl install
53 # make -C /usr/ports/www/php5-session install
54 [X] CLI Build CLI version
55 [X] APACHE Build Apache module
56 [X] MULTIBYTE Enable zend multibyte support
57 # make -C /usr/ports/graphics/php5-gd install
58 # make -C /usr/ports/databases/php5-pdo_mysql install
59 # make -C /usr/ports/devel/pcre install
60 !!! Enable UTF-8 support ............ : yes
61 !!! Unicode properties .............. : yes
62 # make -C /usr/ports/devel/php5-pcre install
63 # make -C /usr/ports/converters/php5-mbstring install
64 [X] REGEX Enable multibyte regex support
65
66 # make -C /usr/ports/net-mgmt/php5-snmp install
67 # make -C /usr/ports/net/php5-ldap install
68
69 *** II. FILES ***
70 Unpack distro files to any directory you want and configure Apache to "wwwroot"
71 subdirectory as DocumentRoot.
72 Symlinks to wwwroot or even index.php from your web server root are also possible.
73
74 *** III. INSTALLER ***
75 Open your configured RackTables URL and you will be prompted to configure
76 and initialize the application.
77
78 *******************************************************
79 * *
80 * UPGRADING RACKTABLES *
81 * *
82 *******************************************************
83 RackTables (since 0.14.6) provides an automatic database upgrade feature.
84 If you already have a working installation, the following procedure
85 should be sufficient:
86
87 0. BACKUP YOUR DATABASE and check the release notes (below) before actually
88 starting the upgrade,.
89 1. Remove all existing files except inc/secret.php and the gateways'
90 configuration (in the gateways directory).
91 2. Unpack the new tarball into the place.
92 3. Open your RackTables page in a browser. The software detects version
93 mismatch and displays a message telling to log in as admin to finish
94 the upgrade.
95 4. Do that. Normally, everything should be Ok. If there are
96 errors displayed, send these in a bug report.
97
98 *******************************************************
99 * *
100 * RELEASE NOTES *
101 * *
102 *******************************************************
103
104 *** Upgrading to 0.20.1 ***
105
106 Security context of 'ipaddress' page now includes tags from the network containing an IP address. This means that you should audit your permission rules to check there is no unintended allows of changing IPs based on network's tagset. Example:
107 allow {client network} and {New York}
108 This rule now not only allows any operation on NY client networks, but also any operation with IP addresses included in those networks. To fix this, you should change the rule this way:
109 allow {client network} and {New York} and not {$page_ipaddress}
110
111 *** Upgrading to 0.20.0 ***
112
113 WARNING: This release have too many internal changes, some of them were waiting more than a year
114 to be released. So this release is considered "BETA" and is recommended only to curiuos users,
115 who agree to sacrifice the stability to the progress.
116
117 Racks and Rows are now stored in the database as Objects. The RackObject table
118 was renamed to Object. SQL views were created to ease the migration of custom
119 reports and scripts.
120
121 New plugins engine instead of local.php file. To make your own code stored in local.php work,
122 you must move the local.php file into the plugins/ directory. The name of this file does not
123 matter any more. You also can store multiple files in that dir, separate your plugins by features,
124 share them and try the plugins from other people just placing them into plugins/ dir, no more merging.
125 $path_to_local_php variable has no special meaning any more.
126 $racktables_confdir variable is now used only to search for secret.php file.
127 $racktables_plugins_dir is a new overridable special variable pointing to plugins/ directory.
128
129 Beginning with this version it is possible to delete IP prefixes, VLANs, Virtual services
130 and RS pools from within theirs properties tab. So please inspect your permissions rules
131 to assure there are no undesired allows for deletion of these objects. To ensure this, you could
132 try this code in the beginning of permissions script:
133
134 allow {userid_1} and {$op_del}
135 deny {$op_del} and ({$tab_edit} or {$tab_properties})
136
137 Hardware gateways engine was rewritten in this version of RackTables. This means that
138 the file gateways/deviceconfig/switch.secrets.php is not used any more. To get information
139 about configuring connection properties and credentials in a new way please visit
140 http://wiki.racktables.org/index.php/Gateways
141
142 This also means that recently added features based on old API (D-Link switches and Linux
143 gateway support contributed by Ilya Evseev) are not working any more and waiting to be
144 forward-ported to new gateways API. Sorry for that.
145
146 Two new config variables appeared in this version:
147 - SEARCH_DOMAINS. Comma-separated list of DNS domains which are considered "base" for your
148 network. If RackTables search engine finds multiple objects based on your search input, but
149 there is only one which FQDN consists of your input and one of these search domains, you will
150 be redirected to this object and other results will be discarded. Such behavior was unconditional
151 since 0.19.3, which caused many objections from users. So welcome this config var.
152 - QUICK_LINK_PAGES. Comma-separated list of RackTables pages to display links to them on top.
153 Each user could have his own list.
154
155 Also some of config variables have changed their default values in this version.
156 This means that upgrade script will change their values if you have them in previous default state.
157 This could be inconvenient, but it is the most effective way to encourage users to use new features.
158 If this behavior is not what you want, simply revert these variables' values:
159 - SHOW_LAST_TAB no => yes
160 - IPV4_TREE_SHOW_USAGE yes =>no (networks' usage is still available by click)
161 - IPV4LB_LISTSRC {$typeid_4} => false
162 - FILTER_DEFAULT_ANDOR or => and (this implicitly enables the feature of dynamic tree shrinking)
163 - FILTER_SUGGEST_EXTRA no => yes (yes, we have extra logical filters!)
164 - IPV4_TREE_RTR_AS_CELL yes => no (display routers as simple text, not cell)
165
166 Also please note that variable IPV4_TREE_RTR_AS_CELL now has third special value
167 besides 'yes' and 'no': 'none'. Use 'none' value if you are experiencing low performance
168 on IP tree page. It will completely disable IP ranges scan for used/spare IPs and the
169 speed of IP tree will increase radically. The price is you will not see the routers in
170 IP tree at all.
171
172 *** Upgrading to 0.19.13 ***
173 A new "date" attribute type has been added. Existing date based fields
174 ("HW warranty expiration", "support contract expiration" and "SW warranty
175 expiration") will be converted to this new type but must be in the format
176 "mm/dd/yyyy" otherwise the conversion will fail.
177
178 *** Upgrading to 0.19.2 ***
179
180 This release is different in filesystem layout. The "gateways" directory
181 has been moved from "wwwroot" directory. This improves security a bit.
182 You can also separate your local settings and add-ons from the core RackTables code.
183 To do that, put a single index.php file into the DocumentRoot of your http server:
184
185 <?php
186 $racktables_confdir='/directory/where/your/secret.php/and/local.php/files/are/stored';
187 require '/directory_where_you_extracted_racktables_distro/wwwroot/index.php';
188 ?>
189
190 No more files are needed to be available directly over the HTTP.
191 Full list of filesystem paths which could be specified in custom index.php or secret.php:
192 $racktables_gwdir: path to the gateways directory;
193 $racktables_staticdir: path to the directory containing 'pix', 'js', 'css' dirs;
194 $racktables_confdir: path where secret.php and local.php are located. It is not
195 recommended to define it in secret.php, cause only the path to
196 local.php will be affected;
197 $path_to_secret_php: Ignore $racktables_confdir when locating secret.php and use
198 the specified path;
199 $path_to_local_php: idem for local.php.
200
201 *** Upgrading to 0.19.0 ***
202
203 The files, which are intended for the httpd (web-server) directory, are
204 now in the "wwwroot" directory of the tar.gz archive. Files outside of
205 that directory are not directly intended for httpd environment and should
206 not be copied to the server.
207
208 This release incorporates ObjectLog functionality, which used to be
209 available as a separate plugin. For the best results it is advised to
210 disable (through local.php) external ObjectLog plugin permanently before
211 the new version is installed. All previously accumulated ObjectLog records
212 will be available through the updated standard interface.
213
214 RackTables is now using PHP JSON extension which is included in the PHP
215 core since 5.2.0.
216
217 The barcode attribute was removed. The upgrade script attempts to
218 preserve the data by moving it to either the 'OEM S/N 1' attribute or to
219 a Log entry. You should backup your database beforehand anyway.
220
221 *** Upgrading to 0.18.x ***
222
223 RackTables from its version 0.18.0 and later is not compatible with
224 RHEL/CentOS (at least with versions up to 5.5) Linux distributions
225 in their default installation. There are yet options to work around that:
226 1. Install RackTables on a server with a different distribution/OS.
227 2. Request Linux distribution vendor to fix the bug with PCRE.
228 3. Repair your RHEL/CentOS installation yourself by fixing its PCRE
229 RPM as explained here: http://bugs.centos.org/view.php?id=3252
230
231 *** Upgrading to 0.17.0 ***
232
233 One can always install RackTables 0.17.0 from scratch. However, upgrading
234 an existing installation to 0.17.0 implies a certain upgrade path. If the
235 existing database version is less, than 0.16.4, it must first be upgraded
236 to version 0.16.4, 0.16.5 or 0.16.6 (at one's choice) using appropriate
237 tar.gz distribution. The resulting 0.16.4+ database can be upgraded to
238 0.17.0 (or later version) in a normal way (with tar.gz of the desired 0.17.x
239 release).
240
241 LDAP options have been moved to LDAP_options array. This means, that if you were
242 using LDAP authentication for users in version 0.16.x, it will break right after
243 upgrade to 0.17.0. To get things working again, adjust existing secret.php file
244 according to secret-sample.php file provided with 0.17.0 release.
245
246 This release is the first to take advantage of the foreign key support
247 provided by the InnoDB storage engine in MySQL. The installer and
248 upgrader scripts check for InnoDB support and cannot complete without it.
249 If you have trouble, the first step is to make sure the 'skip-innodb'
250 option in my.cnf is commented out.
251
252 Another change is the addition of support for file uploads. Files are stored
253 in the database. There are several settings in php.ini which you may need to modify:
254 file_uploads - needs to be On
255 upload_max_filesize - max size for uploaded files
256 post_max_size - max size of all form data submitted via POST (including files)
257
258 User accounts used to have 'enabled' flag, which allowed individual blocking and
259 unblocking of each. This flag was dropped in favor of existing mean of access
260 setup (RackCode). An unconditional denying rule is automatically added into RackCode
261 for such blocked account, so the effective security policy remains the same.