[ifmapdev] Instructions for configuring IF-MAP with ISC DHCP.
128 views
Skip to first unread message
Terry Simons
May 16, 2010, 9:51:57 AM5/16/10
to ifmapdev
I've posted a draft of instructions on getting ISC DHCP working with
omapd on my blog: http://nixtrix.blogspot.com/2010/05/if-map-with-isc-dhcp-and-omapd.html
The full publish-ip-mac.pl script doesn't play nicely with the
blogging software, so I didn't post that on the blog, but I'll post it
here.
A couple things to note:
I haven't solved the "no MAC address with 'on expiry'" problem yet...
so lease expirations won't trigger a proper cleanup.
The script is less than adequate right now because it calls out to
curl to do the publish and delete. I plan on fixing this and using a
pure SOAP API, but this should get people by for the short term.
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper qw(Dumper);
use SOAP::Lite
# Set a default action handler that is .NET friendly
# otherwise, we'll get errors from the server as
# SOAP::Lite defaults to sending an incompatible SOAPAction
# header. (%s#%s but we need %s%s)
# on_action => sub {sprintf '%s%s', @_},
# For debugging
+trace=>'all';
my $type = shift;
my $ip = shift;
my $mac = shift;
my $ifmapServer = "https://127.0.0.1:8081";
# Fork so we can return control
# to the dhcp server ASAP.
my $pid = fork();
# If we're the child them
# attempt to publish this
# information to the MAP
# server.
if($pid == 0) {
my $soap = SOAP::Lite
->readable(1)
->ns('file:ifmap.wsdl')
->proxy('https://127.0.0.1:8081');
# Use the below with the WSDL interface.
# and remove the proxy line.
#->service('file:ifmap.wsdl')
#->endpoint("https://127.0.0.1:8081");
my $serializer = $soap->serializer();
$serializer->register_ns('http://www.trustedcomputinggroup.org/
2006/IFMAP/1', 'ifmap');
$serializer->register_ns('http://www.trustedcomputinggroup.org/
2006/IFMAP-METADATA/1', 'meta');
my $newSession = SOAP::Data->name("ifmap:new-session");
my $soapReply = $soap->call($newSession);
my $sessionId = $soapReply->valueof('//session-id');
my $publisherId = $soapReply->valueof('//publisher-id');
printf("Session ID: $sessionId\n");
printf("Publisher ID: $publisherId\n");
my $sessionHeader =
SOAP::Header
->name("ifmap:session-id")
->value($sessionId);
if($type eq "commit") {
my $publishCommand = <<END;
curl --insecure -X POST -H 'Content-type: text/xml' -d '<?xml
version="1.0"?>
<env:Envelope
xmlns:env="http://www.w3.org/2003/05/soap-envelope"
xmlns:ifmap="http://www.trustedcomputinggroup.org/2006/IFMAP/1"
xmlns:meta="http://www.trustedcomputinggroup.org/2006/IFMAP-METADATA/
1">
<env:Header>
<ifmap:session-id>$sessionId</ifmap:session-id>
</env:Header>
<env:Body>
<ifmap:publish>
<update name="ISC DHCP $ip">
<link>
<identifier>
<mac-address value="$mac"/>
</identifier>
<identifier>
<ip-address value="$ip" type="IPv4"/>
</identifier>
</link>
<metadata>
<meta:ip-mac cardinality="singleValue"/>
</metadata>
</update>
</ifmap:publish>
</env:Body>
</env:Envelope>' $ifmapServer
END
`$publishCommand`;
} elsif($type eq "release") {
my $publishCommand = <<END;
curl --insecure -X POST -H 'Content-type: text/xml' -d '<?xml
version="1.0"?>
<env:Envelope
xmlns:env="http://www.w3.org/2003/05/soap-envelope"
xmlns:ifmap="http://www.trustedcomputinggroup.org/2006/IFMAP/1"
xmlns:meta="http://www.trustedcomputinggroup.org/2006/IFMAP-METADATA/
1">
<env:Header>
<ifmap:session-id>$sessionId</ifmap:session-id>
</env:Header>
<env:Body>
<ifmap:publish>
<delete>
<link>
<identifier>
<mac-address value="$mac"/>
</identifier>
<identifier>
<ip-address value="$ip" type="IPv4"/>
</identifier>
</link>
</delete>
</ifmap:publish>
</env:Body>
</env:Envelope>' $ifmapServer
END
print "Command: $publishCommand\n";
print `$publishCommand`;
} elsif($type eq "expiry") {
# This doesn't work yet - need MAC address
}
}
omapd on my blog: http://nixtrix.blogspot.com/2010/05/if-map-with-isc-dhcp-and-omapd.html
The full publish-ip-mac.pl script doesn't play nicely with the
blogging software, so I didn't post that on the blog, but I'll post it
here.
A couple things to note:
I haven't solved the "no MAC address with 'on expiry'" problem yet...
so lease expirations won't trigger a proper cleanup.
The script is less than adequate right now because it calls out to
curl to do the publish and delete. I plan on fixing this and using a
pure SOAP API, but this should get people by for the short term.
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper qw(Dumper);
use SOAP::Lite
# Set a default action handler that is .NET friendly
# otherwise, we'll get errors from the server as
# SOAP::Lite defaults to sending an incompatible SOAPAction
# header. (%s#%s but we need %s%s)
# on_action => sub {sprintf '%s%s', @_},
# For debugging
+trace=>'all';
my $type = shift;
my $ip = shift;
my $mac = shift;
my $ifmapServer = "https://127.0.0.1:8081";
# Fork so we can return control
# to the dhcp server ASAP.
my $pid = fork();
# If we're the child them
# attempt to publish this
# information to the MAP
# server.
if($pid == 0) {
my $soap = SOAP::Lite
->readable(1)
->ns('file:ifmap.wsdl')
->proxy('https://127.0.0.1:8081');
# Use the below with the WSDL interface.
# and remove the proxy line.
#->service('file:ifmap.wsdl')
#->endpoint("https://127.0.0.1:8081");
my $serializer = $soap->serializer();
$serializer->register_ns('http://www.trustedcomputinggroup.org/
2006/IFMAP/1', 'ifmap');
$serializer->register_ns('http://www.trustedcomputinggroup.org/
2006/IFMAP-METADATA/1', 'meta');
my $newSession = SOAP::Data->name("ifmap:new-session");
my $soapReply = $soap->call($newSession);
my $sessionId = $soapReply->valueof('//session-id');
my $publisherId = $soapReply->valueof('//publisher-id');
printf("Session ID: $sessionId\n");
printf("Publisher ID: $publisherId\n");
my $sessionHeader =
SOAP::Header
->name("ifmap:session-id")
->value($sessionId);
if($type eq "commit") {
my $publishCommand = <<END;
curl --insecure -X POST -H 'Content-type: text/xml' -d '<?xml
version="1.0"?>
<env:Envelope
xmlns:env="http://www.w3.org/2003/05/soap-envelope"
xmlns:ifmap="http://www.trustedcomputinggroup.org/2006/IFMAP/1"
xmlns:meta="http://www.trustedcomputinggroup.org/2006/IFMAP-METADATA/
1">
<env:Header>
<ifmap:session-id>$sessionId</ifmap:session-id>
</env:Header>
<env:Body>
<ifmap:publish>
<update name="ISC DHCP $ip">
<link>
<identifier>
<mac-address value="$mac"/>
</identifier>
<identifier>
<ip-address value="$ip" type="IPv4"/>
</identifier>
</link>
<metadata>
<meta:ip-mac cardinality="singleValue"/>
</metadata>
</update>
</ifmap:publish>
</env:Body>
</env:Envelope>' $ifmapServer
END
`$publishCommand`;
} elsif($type eq "release") {
my $publishCommand = <<END;
curl --insecure -X POST -H 'Content-type: text/xml' -d '<?xml
version="1.0"?>
<env:Envelope
xmlns:env="http://www.w3.org/2003/05/soap-envelope"
xmlns:ifmap="http://www.trustedcomputinggroup.org/2006/IFMAP/1"
xmlns:meta="http://www.trustedcomputinggroup.org/2006/IFMAP-METADATA/
1">
<env:Header>
<ifmap:session-id>$sessionId</ifmap:session-id>
</env:Header>
<env:Body>
<ifmap:publish>
<delete>
<link>
<identifier>
<mac-address value="$mac"/>
</identifier>
<identifier>
<ip-address value="$ip" type="IPv4"/>
</identifier>
</link>
</delete>
</ifmap:publish>
</env:Body>
</env:Envelope>' $ifmapServer
END
print "Command: $publishCommand\n";
print `$publishCommand`;
} elsif($type eq "expiry") {
# This doesn't work yet - need MAC address
}
}
Andrew Benton
May 16, 2010, 3:53:40 PM5/16/10
to ifma...@googlegroups.com
this is pretty cool. david vigier at infoblox has done a bunch of work
with ifmap in perl. david what soap library do you use?
with ifmap in perl. david what soap library do you use?
David Vigier
May 16, 2010, 7:38:12 PM5/16/10
to ifma...@googlegroups.com
Hi Andrew,
I don't use any soap library for my perl ifmap client. this is a framework I use for testing. and I need it to be able to send valid requests as well as invalid ones. so I didn't want to be limited by any schema.
Thanks,
David.
I don't use any soap library for my perl ifmap client. this is a framework I use for testing. and I need it to be able to send valid requests as well as invalid ones. so I didn't want to be limited by any schema.
Thanks,
David.
David Vigier
May 16, 2010, 7:55:06 PM5/16/10
to ifma...@googlegroups.com
Hi Terry,
good to see more interest for ifmap in the opensource community!
I just have a few comments regarding your script:
- there is no "name" attribute on the update element of publish request. omapd must ignore it. it should probably reject it.
- you might want to consider publishing also the start-time, end-time and dhcp-server as part of the ip-mac metadata.
- you should probably specify a filter in the delete request (eg: filter="meta:ip-mac") to avoid wiping out other metadata published on the same link.
Thanks,
David.
good to see more interest for ifmap in the opensource community!
I just have a few comments regarding your script:
- there is no "name" attribute on the update element of publish request. omapd must ignore it. it should probably reject it.
- you might want to consider publishing also the start-time, end-time and dhcp-server as part of the ip-mac metadata.
- you should probably specify a filter in the delete request (eg: filter="meta:ip-mac") to avoid wiping out other metadata published on the same link.
Thanks,
David.
Terry Simons
May 16, 2010, 8:32:58 PM5/16/10
to ifmapdev
Hi David,
Thanks for the tips.
I have a few questions about your suggestions.
Regarding the lack of a name attribute on my update request: I did
notice that some of the examples in the specification do include a
name attribute, and I see that it can be used as an anchor for
searches. I'll work on getting that fixed in my script... but Example
#2 in section 8.3 (page 63) does *not* include a name attribute on its
publish/update. If this is a required attribute then the spec should
probably be updated to include it in the examples.
How specific should the name be? I was thinking of doing something
like: "ISC DHCP Lease <ip>", or should it be more generically
something like "ISC DHCP Lease"?
For start-time and end-time... I see the ip-mac definition on page 23
(section 3.3.1.10) but it's not clear to me what format the "dateTime"
type is supposed to be in. I can't seem to find any references to
that in the WSDL or XSD files, and I don't see any clear explanation
in the specification. Can you help there?
I had some troubles getting my filter working initially, so I stripped
the delete request down to the bare minimum in order to get it
working, so I'll revisit that now that things are behaving.
Thanks!
- Terry
Thanks for the tips.
I have a few questions about your suggestions.
Regarding the lack of a name attribute on my update request: I did
notice that some of the examples in the specification do include a
name attribute, and I see that it can be used as an anchor for
searches. I'll work on getting that fixed in my script... but Example
#2 in section 8.3 (page 63) does *not* include a name attribute on its
publish/update. If this is a required attribute then the spec should
probably be updated to include it in the examples.
How specific should the name be? I was thinking of doing something
like: "ISC DHCP Lease <ip>", or should it be more generically
something like "ISC DHCP Lease"?
For start-time and end-time... I see the ip-mac definition on page 23
(section 3.3.1.10) but it's not clear to me what format the "dateTime"
type is supposed to be in. I can't seem to find any references to
that in the WSDL or XSD files, and I don't see any clear explanation
in the specification. Can you help there?
I had some troubles getting my filter working initially, so I stripped
the delete request down to the bare minimum in order to get it
working, so I'll revisit that now that things are behaving.
Thanks!
- Terry
David Vigier
May 16, 2010, 8:57:41 PM5/16/10
to ifma...@googlegroups.com
Hi Terry,
sorry I wasn't clear when I mentioned the name attribute.
I noticed that you specified a name attribute on the publish request. but this is not standard, the ifmap specification do not define this name attribute for the publish update. so I would suggest to remove it from your request. regarding my note about omapd, I was saying that since it is not defined in the standard, omapd is probably ignoring this name. but t would be better if it rejected the request in my opinion, to avoid any confusion.
I don't think there is any example of publish update request where a name is passed as attribute, for the obvious reason I mentioned earlier :)
if you have found such update element with name, it must be for the subscribe update operation. indeed, you can (and actually you have to) assign a name to your subscriptions. note that the standard suggests using an integer for a subscription name, but it can be anything.
as for dateTime, this is a primitive data type of xml schemas. you can find the details of its format here: http://www.w3.org/TR/xmlschema-2/#dateTime (the section 3.2.7.1 describes the syntax)
hope this helps.
Thanks,
David.
sorry I wasn't clear when I mentioned the name attribute.
I noticed that you specified a name attribute on the publish request. but this is not standard, the ifmap specification do not define this name attribute for the publish update. so I would suggest to remove it from your request. regarding my note about omapd, I was saying that since it is not defined in the standard, omapd is probably ignoring this name. but t would be better if it rejected the request in my opinion, to avoid any confusion.
I don't think there is any example of publish update request where a name is passed as attribute, for the obvious reason I mentioned earlier :)
if you have found such update element with name, it must be for the subscribe update operation. indeed, you can (and actually you have to) assign a name to your subscriptions. note that the standard suggests using an integer for a subscription name, but it can be anything.
as for dateTime, this is a primitive data type of xml schemas. you can find the details of its format here: http://www.w3.org/TR/xmlschema-2/#dateTime (the section 3.2.7.1 describes the syntax)
hope this helps.
Thanks,
David.
Terry Simons
May 17, 2010, 1:56:52 AM5/17/10
to ifmapdev
Hi David,
Ahhh sorry my mistake. :)
I've implemented all of your suggestions except for the start-time/end-
time attributes, which will take a bit more work.
I've updated my blog post with the latest full script:
http://nixtrix.blogspot.com/2010/05/if-map-with-isc-dhcp-and-omapd.html
The new script caches the MAC address on a commit and uses that to
delete entries on an expiry.
I also cleaned up the code a bit.
Thanks again for the suggestions.
- Terry
Ahhh sorry my mistake. :)
I've implemented all of your suggestions except for the start-time/end-
time attributes, which will take a bit more work.
I've updated my blog post with the latest full script:
http://nixtrix.blogspot.com/2010/05/if-map-with-isc-dhcp-and-omapd.html
The new script caches the MAC address on a commit and uses that to
delete entries on an expiry.
I also cleaned up the code a bit.
Thanks again for the suggestions.
- Terry
> sorry I wasn't clear when I mentioned the name attribute.
> I noticed that you specified a name attribute on the publish request. but this is not standard, the ifmap specification do not define this name attribute for the publish update. so I would suggest to remove it from your request. regarding my note about omapd, I was saying that since it is not defined in the standard, omapd is probably ignoring this name. but t would be better if it rejected the request in my opinion, to avoid any confusion.
>
> I don't think there is any example of publish update request where a name is passed as attribute, for the obvious reason I mentioned earlier :)
> if you have found such update element with name, it must be for the subscribe update operation. indeed, you can (and actually you have to) assign a name to your subscriptions. note that the standard suggests using an integer for a subscription name, but it can be anything.
>
> as for dateTime, this is a primitive data type of xml schemas. you can find the details of its format here:http://www.w3.org/TR/xmlschema-2/#dateTime(the section 3.2.7.1 describes the syntax)
> I noticed that you specified a name attribute on the publish request. but this is not standard, the ifmap specification do not define this name attribute for the publish update. so I would suggest to remove it from your request. regarding my note about omapd, I was saying that since it is not defined in the standard, omapd is probably ignoring this name. but t would be better if it rejected the request in my opinion, to avoid any confusion.
>
> I don't think there is any example of publish update request where a name is passed as attribute, for the obvious reason I mentioned earlier :)
> if you have found such update element with name, it must be for the subscribe update operation. indeed, you can (and actually you have to) assign a name to your subscriptions. note that the standard suggests using an integer for a subscription name, but it can be anything.
>
Terry Simons
May 17, 2010, 2:41:44 AM5/17/10
to ifmapdev
Hi David,
Can you explain why publishing start-time and end-time is important
for ip-mac links? Does it serve any functional purpose on the MAP
server, or is it just there for logging purposes?
Since IF-MAP does not provide historical data, why is it important to
provide start-time and end-time?
Just curious...
Thanks,
- Terry
Can you explain why publishing start-time and end-time is important
for ip-mac links? Does it serve any functional purpose on the MAP
server, or is it just there for logging purposes?
Since IF-MAP does not provide historical data, why is it important to
provide start-time and end-time?
Just curious...
Thanks,
- Terry
> sorry I wasn't clear when I mentioned the name attribute.
> I noticed that you specified a name attribute on the publish request. but this is not standard, the ifmap specification do not define this name attribute for the publish update. so I would suggest to remove it from your request. regarding my note about omapd, I was saying that since it is not defined in the standard, omapd is probably ignoring this name. but t would be better if it rejected the request in my opinion, to avoid any confusion.
>
> I don't think there is any example of publish update request where a name is passed as attribute, for the obvious reason I mentioned earlier :)
> if you have found such update element with name, it must be for the subscribe update operation. indeed, you can (and actually you have to) assign a name to your subscriptions. note that the standard suggests using an integer for a subscription name, but it can be anything.
>
> as for dateTime, this is a primitive data type of xml schemas. you can find the details of its format here:http://www.w3.org/TR/xmlschema-2/#dateTime(the section 3.2.7.1 describes the syntax)
> I noticed that you specified a name attribute on the publish request. but this is not standard, the ifmap specification do not define this name attribute for the publish update. so I would suggest to remove it from your request. regarding my note about omapd, I was saying that since it is not defined in the standard, omapd is probably ignoring this name. but t would be better if it rejected the request in my opinion, to avoid any confusion.
>
> I don't think there is any example of publish update request where a name is passed as attribute, for the obvious reason I mentioned earlier :)
> if you have found such update element with name, it must be for the subscribe update operation. indeed, you can (and actually you have to) assign a name to your subscriptions. note that the standard suggests using an integer for a subscription name, but it can be anything.
>
Sarab Mattes
May 17, 2010, 9:11:38 AM5/17/10
to ifma...@googlegroups.com
Hi David V,
I agree with you about omapd's desired behavior on receiving invalid attributes in IF-MAP requests. Currently, omapd does ignore the invalid attributes, but omapd should reject the request in this case, and doing so will maximize interoperability with other MAP implementations. I'll file an issue about this on the omapd issue page.
Thanks,
SDMattes
I agree with you about omapd's desired behavior on receiving invalid attributes in IF-MAP requests. Currently, omapd does ignore the invalid attributes, but omapd should reject the request in this case, and doing so will maximize interoperability with other MAP implementations. I'll file an issue about this on the omapd issue page.
Thanks,
SDMattes
Terry Simons
May 20, 2010, 3:36:30 AM5/20/10
to ifmapdev
Sarab and I have discussed integrating my ISC DHCP examples into the
omapd source tree.
I have just checked in my latest changes to omapd/examples (revision
70).
The script has some additional enhancements and cleanups. Most
notably proper MAC canonicalization prior to publishing ip-mac data to
the MAP server.
Enjoy.
omapd source tree.
I have just checked in my latest changes to omapd/examples (revision
70).
The script has some additional enhancements and cleanups. Most
notably proper MAC canonicalization prior to publishing ip-mac data to
the MAP server.
Enjoy.
Reply all
Reply to author
Forward
0 new messages