OSS Control Panel to manage FreeBSD jails ... ?
Marc G. Fournier
About 6 years ago or so, we wrote an inhouse control panel to allow us to
manage freebsd jails from a central gui ... although it works, its neither
intuitive or pretty ... and is a nightmare to change ...
The features it does have is:
each client has 1 or more login ideas tot heir account
a client can have multiple jails assigned to them
- front page has a summary of memory, storage and bandwidth usage
- each VPS has their own detail screen that includes the above, as well
as any virtual hosts that are running on it
- new virtual machines can be requesetd
- new virtual hosts can be added
- mysql/pgsql databases can be added / deleted
all invoicing is performed automatically through the system
there is a support center for clients to post problems
what it doesn't do is dns or email management ... dns is modified 'by
request', and email is a totally seperate, unintegrated inferface ...
I've tried DTC, and its a nice interface, but its more a 'seperate
instance per VPS' vs centralized solution ... I don't want to have to log
into multiple interfaces to deal with support issues, for instance .. but,
at the same time, don't want to force a client to have two different
interfaces to handle things ...
Does anyone have any suggestions on software that could replace this? I
don't want ot run VMWare, or any of the other virtualization software
packages, I would like to stick, as much as possible, to a nice, clean,
jail environment ...
Thoughts?
----
Marc G. Fournier Hub.Org Hosting Solutions S.A.
scr...@hub.org http://www.hub.org
Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:scr...@hub.org
_______________________________________________
freeb...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp...@freebsd.org"
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-...@muc.de
Jack Carrozzo
back and use MyDNS to manage PTRs and such. I had a MyDNS master, whose DB
was updated by the webfront end, and 4 BIND slaves who yoinked zones off the
master (I didn't trust MyDNS to be public).
<http://mydns.bboy.net/>For what it's worth, I couldn't find a handy
solution either (hence writing things).
Cheers,
-Jack
> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:scr...@hub.org<MSN%3Asc...@hub.org>
Tom Judge
>
> About 6 years ago or so, we wrote an inhouse control panel to allow us
> to manage freebsd jails from a central gui ... although it works, its
> neither intuitive or pretty ... and is a nightmare to change ...
>
At $work use a heavily customized version of RackTables with support for
managing FreeBSD Jails across all of our sites (200+ hosts, 570+
jails). The backend management is driven by cfengine with a custom
module that leverages ezjail to the actual jail management.
You can find the backend details here:
http://www.tomjudge.com/index.php/CFEngine/Managing_FreeBSD_Jails
Our full modifications to RackTables include role based package
management and automated package building using tinderbox nodes, which I
have yet to completely write up.
> The features it does have is:
>
> each client has 1 or more login ideas tot heir account
> a client can have multiple jails assigned to them
> - front page has a summary of memory, storage and bandwidth usage
> - each VPS has their own detail screen that includes the above, as well
> as any virtual hosts that are running on it
> - new virtual machines can be requesetd
> - new virtual hosts can be added
> - mysql/pgsql databases can be added / deleted
> all invoicing is performed automatically through the system
> there is a support center for clients to post problems
>
The system is not any where near this advanced, it does however work
quite nicely for us. To distribute the configuration data across our 7
sites we use MySQL replication and each node uses a local replica of the
configuration database.
Most of the monitoring functions we use cacti and nagios to perform but
they are not integrated into the user interface in a nice/useful way.
For us the way forward is looking to be openQRM and adding jail support
to it.
> what it doesn't do is dns or email management ... dns is modified 'by
> request', and email is a totally seperate, unintegrated inferface ...
>
For DNS management we use Bind with the ldap backend as a master, then 2
slaves at each site. To push out changes we have a collection of
scripts that send SOA notifications out on different IP addresses. This
is needed as a number of zones are split horizon and all updates
originate from our internal network.
> I've tried DTC, and its a nice interface, but its more a 'seperate
> instance per VPS' vs centralized solution ... I don't want to have to
> log into multiple interfaces to deal with support issues, for instance
> .. but, at the same time, don't want to force a client to have two
> different interfaces to handle things ...
>
> Does anyone have any suggestions on software that could replace this?
> I don't want ot run VMWare, or any of the other virtualization
> software packages, I would like to stick, as much as possible, to a
> nice, clean, jail environment ...
>
Not sure if any of the info I have provided is useful to you, but
someone may find it useful.
Tom
--
TJU13-ARIN
Outback Dingo
I think ISPControl will with a minor path modifications, to reach into
jails, might be worth taking a look at
> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:scr...@hub.org<MSN%3Asc...@hub.org>
Adam McGreggor
> what it doesn't do is dns or email management ... dns is modified 'by
> request', and email is a totally seperate, unintegrated inferface ...
If you've got moderately technically competent users, you may find
Jonathan McDowell's AutoDNS
http://www.earth.li/projectpurple/progs/autodns.html
useful (at least, if users run their own DNS servers).
(Or indeed, use some of that/the idea to allow zonefile updates by
gpg-signed email)
Last time I looked at this (letting end-users faff with DNS zones) --
a few years back -- there were a couple of not-so-sucky options
available of freshmeat.
As for managing email, hum. That's where it gets complicated. Presumably
your MTA handles database-lookup/backends (or indeed, flatfiles for
each domain), so why not build a quick and dirty $language-of-choice
script to pull known domains (to the account), and let them run wild,
obviously, with syntax checking.
http://www.ex-parrot.com/~chris/vmail-sql/
may be worth a look, if you've not seen it already, and don't want to
completely write something yourself.
(although, note
http://www.ex-parrot.com/~chris/wwwitter/20070305-chris_lightfoot_1978-2007.html )
> I don't want to have to log
> into multiple interfaces to deal with support issues, for instance ..
> but, at the same time, don't want to force a client to have two different
> interfaces to handle things ...
>
> Does anyone have any suggestions on software that could replace this?
Presumably you're not talking about using RT (or similar) here, as the
software used to store/process the support requests, but something to
manage them.
I think the short answer is, none of us will ever be completely
content with stuff other people have written, so, erm, it's best to
roll our own, for our own needs, and hope it works/doesn't break.
--
''meetings, n.:
A place where minutes are kept and hours are lost.''
Marc G. Fournier
Actually, the big issue(s) that I'm facing are non-tech users that are
fearful of non-cpanel, and the lack of any truely integrated OSS solution
...
>From what I've read so far, what I have almost appears to be the closest
integrated solution that focuses on FreeBSD jails ...
I'm going to open up our code base in CVS so that others can look at it
... worst case, ppl say it sucks and is useless ... best case, maybe it
gives a foundation to expand upon ... *shrug*
Will post an announce later this week, including screen shots ....
On Wed, 21 Jul 2010, Adam McGreggor wrote:
> On Wed, Jul 21, 2010 at 03:49:07PM -0300, Marc G. Fournier wrote:
>> what it doesn't do is dns or email management ... dns is modified 'by
>> request', and email is a totally seperate, unintegrated inferface ...
>
> If you've got moderately technically competent users, you may find
> Jonathan McDowell's AutoDNS
>
> http://www.earth.li/projectpurple/progs/autodns.html
>
> useful (at least, if users run their own DNS servers).
>
> (Or indeed, use some of that/the idea to allow zonefile updates by
> gpg-signed email)
>
> Last time I looked at this (letting end-users faff with DNS zones) --
> a few years back -- there were a couple of not-so-sucky options
> available of freshmeat.
>
> As for managing email, hum. That's where it gets complicated. Presumably
> your MTA handles database-lookup/backends (or indeed, flatfiles for
> each domain), so why not build a quick and dirty $language-of-choice
> script to pull known domains (to the account), and let them run wild,
> obviously, with syntax checking.
>
> http://www.ex-parrot.com/~chris/vmail-sql/
>
> may be worth a look, if you've not seen it already, and don't want to
> completely write something yourself.
>
> (although, note
> http://www.ex-parrot.com/~chris/wwwitter/20070305-chris_lightfoot_1978-2007.html )
>
>> I don't want to have to log
>> into multiple interfaces to deal with support issues, for instance ..
>> but, at the same time, don't want to force a client to have two different
>> interfaces to handle things ...
>>
>> Does anyone have any suggestions on software that could replace this?
>
> Presumably you're not talking about using RT (or similar) here, as the
> software used to store/process the support requests, but something to
> manage them.
>
> I think the short answer is, none of us will ever be completely
> content with stuff other people have written, so, erm, it's best to
> roll our own, for our own needs, and hope it works/doesn't break.
>
> --
> ''meetings, n.:
> A place where minutes are kept and hours are lost.''
>
----
Chuck Swiger
> Actually, the big issue(s) that I'm facing are non-tech users that are fearful of non-cpanel, and the lack of any truely integrated OSS solution ...
Was there something wrong with webmin?
http://www.webmin.com/support.html
Regards,
--
-Chuck
Adam McGreggor
> Was there something wrong with webmin?
I'd rephrase that to is there anything *right* about webmin.
*hate*, *hate*, *hate*.
no histories/versioning, straight edits, often-run-on-default-port,
lets-one-change-things-without-understanding-why-it's-a-bad-thing, and
so on.
--
"If more of us valued food and cheer and song above hoarded gold, it
would be a merrier world"
-- J. R. R. Tolkien
Chuck Swiger
> On Wed, Jul 21, 2010 at 02:15:43PM -0700, Chuck Swiger wrote:
>
>
> *hate*, *hate*, *hate*.
>
> no histories/versioning, straight edits, often-run-on-default-port,
> lets-one-change-things-without-understanding-why-it's-a-bad-thing, and
> so on.
While I have some gripes of my own about Webmin, it was also a significant or even the primary factor in my being able to place FreeBSD fileservers running Samba, LDAP, dhcpd, etc as replacement boxes for Windows PDC/ADC boxes at various client sites over the years, since the locals could do web-based administration of a system without needing to be a Unix sysadmin.
Regards,
--
-Chuck
Marc G. Fournier
> On Wed, Jul 21, 2010 at 02:15:43PM -0700, Chuck Swiger wrote:
>> Was there something wrong with webmin?
>
> I'd rephrase that to is there anything *right* about webmin.
>
> *hate*, *hate*, *hate*.
>
> no histories/versioning, straight edits, often-run-on-default-port,
> lets-one-change-things-without-understanding-why-it's-a-bad-thing, and
> so on.
'k, I wouldn't go to the extent of 'hate', but, at least when I looked at
it way back when, there is no concept of a 'central console' ... or has
that changed?
Right now, I have one console that everyone logs into to do things (and
one to maintain / upgrade / debug), while with webmin, I would have
hundreds of them ... and I'd still need seperate solutions for, say,
support tickets ...
If that is a solution for you, then something like DTC will far blow away
webmin ... its a nice clean interface, includes billing, etc, etc ...
... but again, you are talking about hundreds of installs that need to be
maintained / upgraded / debugged ...
With my current system, although it doesn't have all the features that I'd
like, if I fix a bug that one client reports with the system, I fix *all*
clients ...
Here is some screenshots of what I mean:
http://www.hub.org/~scrappy/ams/