Skip to content
Snippets Groups Projects
Commit ee75e766 authored by David Schmitz's avatar David Schmitz
Browse files

Updated doc hierarchy to distinguish different versions

parent 2073afc0
No related branches found
No related tags found
No related merge requests found
flowspytag = $(shell git describe --abbrev=0)
flowspyver = $(shell git describe --abbrev=0 | egrep -o '([0-9]+\.){1,10}[0-9]+' | sed -e 's/\./_/g')
name = $(shell basename $(shell pwd))
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = doc/build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) doc/source
.PHONY: help dist distclean docclean html latex text
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " text to make standalone txt files"
dist:
git archive --format tar --prefix $(name)-$(flowspyver)/ -o $(name)-$(flowspyver).tar $(flowspytag)
gzip -f $(name)-$(flowspyver).tar
distclean:
@rm -f *tar.gz
docclean:
-rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \
"run these through (pdf)latex."
@grep -E "^[^ ]+:" Makefile | grep -v ^help
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Done"
docu-html:
mkdocs build
flowspytag = $(shell git describe --abbrev=0)
flowspyver = $(shell git describe --abbrev=0 | egrep -o '([0-9]+\.){1,10}[0-9]+' | sed -e 's/\./_/g')
name = $(shell basename $(shell pwd))
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = doc/build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) doc/source
.PHONY: help dist distclean docclean html latex text
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " text to make standalone txt files"
dist:
git archive --format tar --prefix $(name)-$(flowspyver)/ -o $(name)-$(flowspyver).tar $(flowspytag)
gzip -f $(name)-$(flowspyver).tar
distclean:
@rm -f *tar.gz
docclean:
-rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \
"run these through (pdf)latex."
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Done"
# REST API v1.3
# Description
Current version of FoD officially has a REST API.
......
# REST API v1.7
# Description
Current version of FoD officially has a REST API.
The API needs authentication. Out of the box the supported authentication
type is Token Authentication.
TO UPDATE
## Generating Tokens
A user can generate an API token using the FoD UI. Select "My Profile" from the
top right menu and on the "Api Token" section click "Generate One".
## Accessing the API
The API is available at `/api/`. One can see the available API endpoints for
each model by making a GET request there. An authentication token must be added
in the request:
* Using `cURL`, add the `-H "Authorization: Token <your-token>"`
parameter
* Using Postman, under the "Headers" add a header with name
"Authorization" and value "Token <your-token>".
# Endpoints
REST API provides the following endpoints that will be described in more detail in the next sections:
* `/api/routes/`
* `/api/thenactions/`
* `/api/matchprotocol/`
* `/api/matchdscp/`
* `/api/fragmenttypes/`
* `/api/stats/routes/`
# Usage Examples
Some basic usage examples will be provided including available
actions. Examples will be provided in `cURL` form.
An example will be provided for `ThenAction`. This example applies to most other
models (`MatchPort`, `FragmentType`, `MatchProtocol`, `MatchDscp`) except
`Route` which is more complex and will be treated separately.
## ThenAction
### GET
#### All items
URL: `/api/thenactions/`
Example:
```
curl -X GET https://fod.example.com/api/thenactions/ -H "Authorization: Token <your-token>"
RESPONSE:
[
"discard",
"rate-limit:10000k",
"rate-limit:1000k",
"rate-limit:100k"
]
```
## Route
### GET
#### All items
URL: `/api/routes/`
Example:
```
curl -X GET https://fod.example.com/api/routes/ -H "Authorization: Token <your-token>"
RESPONSE:
[
{
"applier": "admin",
"comments": "test comment",
"destination": "1.0.0.4/32",
"destinationport": "124",
"dscp": [],
"expires": "2021-04-15",
"filed": "2021-03-17T13:39:04.244120Z",
"fragmenttype": [],
"icmpcode": null,
"id": 62,
"last_updated": "2021-03-17T13:39:04.244151Z",
"name": "test_66ML9G",
"packetlength": null,
"port": null,
"protocol": [
"udp"
],
"requesters_address": null,
"response": null,
"source": "0.0.0.0/0",
"sourceport": "123",
"status": "PENDING",
"tcpflag": null,
"then": [
"discard"
]
}
...
]
```
#### A specific item
One can also GET a specific `Route`, by using the `id` in the GET url
URL: `/api/routes/<route-id>/`
Example:
```
curl -X GET https://fod.example.com/api/routes/1/ -H "Authorization: Token <your-token>"
RESPONSE:
{
"applier": "admin",
"comments": "test comment",
"destination": "1.0.0.4/32",
"destinationport": "124",
"dscp": [],
"expires": "2021-04-15",
"filed": "2021-03-17T13:39:04.244120Z",
"fragmenttype": [],
"icmpcode": null,
"id": 62,
"last_updated": "2021-03-17T13:39:04.244151Z",
"name": "test_66ML9G",
"packetlength": null,
"port": null,
"protocol": [
"udp"
],
"requesters_address": null,
"response": null,
"source": "0.0.0.0/0",
"sourceport": "123",
"status": "PENDING",
"tcpflag": null,
"then": [
"discard"
]
}
```
### POST
Required fields:
* `name`: a name for the route
* `source`: a source subnet in CIDR formation
* `destination`: a destination subnet in CIDR formation
* `comments`: a small comment on what this route is about
The response will contain all the additional fields
URL: `/api/routes/`
Example input data file `newroute.json`:
```
{
"comments": "test comment",
"destination": "1.0.0.4/32",
"destinationport": "124",
"name": "test",
"protocol": [
"udp"
],
"source": "0.0.0.0/0",
"sourceport": "123",
"then": ["discard"]
}
```
```
curl -X POST --data-binary @newroute.json -H "Content-Type: application/json" -H "Authorization: Token <your-token>" https://fod.example.com/api/routes/
RESPONSE:
{
"name": "test_OLLFTU",
"id": 63,
"comments": "test comment",
"applier": "admin",
"source": "0.0.0.0/0",
"sourceport": "123",
"destination": "1.0.0.4/32",
"destinationport": "124",
"port": null,
"dscp": [],
"fragmenttype": [],
"icmpcode": null,
"packetlength": null,
"protocol": [
"udp"
],
"tcpflag": null,
"then": [
"discard"
],
"filed": "2021-04-14T12:11:58.352094Z",
"last_updated": "2021-04-14T12:11:58.352141Z",
"status": "PENDING",
"expires": "2021-05-13",
"response": null,
"requesters_address": null
}
```
Notice that the `Route` has a `PENDING` status. This happens because the `Route`
is applied asynchronously to the Flowspec device (the API does not wait for the
operation). After a while the `Route` application will be finished and the
`status` field will contain the updated status (`ACTIVE`, `ERROR` etc).
You can check this `Route`s status by issuing a `GET` request with the `id`
the API returned.
This `Route`, however, is totally useless, since it applies no action for the
matched traffic. Let's add one with a `then` action which will discard it.
To do that, we must first add a `ThenAction` (or pick one of the already
existing) since we need it's `id`. Let's assume a `ThenAction` with an `id` of
`4` exists. To create a new `Route` with this `ThenAction`:
```
curl -X POST https://fod.example.com/api/routes/ -F "source=62.217.45.75/32" -F "destination=62.217.45.91/32" -F "name=testroute" -F "comments=Route for testing" -F "then=https://fod.example.com/api/thenactions/4" -H "Authorization: Token <your-token>"
{
"name":"testroute_9Q5Y90",
"id":5,
"comments":"Route for testing",
"applier":"admin",
"source":"62.217.45.75/32",
"sourceport":[],
"destination":"62.217.45.94/32",
"destinationport":[],
"port":[],
"dscp":[],
"fragmenttype":[],
"icmpcode":null,
"packetlength":null,
"protocol":[],
"tcpflag":null,
"then":[
"https://fod.example.com/api/thenactions/4/"
],
"filed":"2017-03-29T14:21:03.261Z",
"last_updated":"2017-03-29T14:21:03.261Z",
"status":"PENDING",
"expires":"2017-04-05",
"response":null,
"requesters_address":null
}
```
With the same process one can associate a `Route` with the `MatchPort`,
`FragmentType`, `MatchProtocol` & `MatchDscp` models.
NOTE:
When adding multiple `ForeignKey` related fields (such as multiple
`MatchPort` or `ThenAction` items) it is best to use a `json` file on the
request instead of specifying each field as a form argument.
Example:
```
curl -X POST https://fod.example.com/api/routes/ -d@data.json -H "Authorization: Token <your-token>"
data.json:
{
"name": "testroute",
"comments": "Route for testing",
"then": [
"https://fod.example.com/api/thenactions/4",
"https://fod.example.com/api/thenactions/5",
],
"source": "62.217.45.75/32",
"destination": "62.217.45.91/32"
}
RESPONSE:
{
"name":"testroute_9Q5Y90",
"id":5,
"comments":"Route for testing",
"applier":"admin",
"source":"62.217.45.75/32",
"sourceport":[],
"destination":"62.217.45.94/32",
"destinationport":[],
"port":[],
"dscp":[],
"fragmenttype":[],
"icmpcode":null,
"packetlength":null,
"protocol":[],
"tcpflag":null,
"then":[
"https://fod.example.com/api/thenactions/4/"
],
"filed":"2017-03-29T14:21:03.261Z",
"last_updated":"2017-03-29T14:21:03.261Z",
"status":"PENDING",
"expires":"2017-04-05",
"response":null,
"requesters_address":null
}
```
### PUT, PATCH
`Route` objects can be modified using the `PUT` / `PATCH` HTTP methods.
When using `PUT` all fields should be specified (see `POST` section).
However, when using `PATCH` one can specify single fields too. This is useful
for changing the `status` of an `INACTIVE` `Route` to `ACTIVE`.
The process is the same as described above with `POST`. Don't forget to use
the correct method.
### DELETE
See `ThenAction`s.
### General notes on `Route` models:
* When `POST`ing a new `Route`, FoD will automatically commit it to the flowspec
device. Thus, `POST`ing a new `Route` with a status of `INACTIVE` has no effect,
since the `Route` will be activated and the status will be restored to `ACTIVE`.
* When `DELETE`ing a `Route`, the actual `Route` object will remain. FoD will
only delete the rule from the flowspec device and change the `Route`'s status to
'INACTIVE'
* When changing (`PUT`/`PATCH`) a `Route`, FoD will sync the changes to the
flowspec device. Changing the status of the `Route` will activate / delete the
rule respectively.
# Configuration v1.3
Time to configure flowspy.
First of all you have to copy the dist files to their proper position:
# cd /srv/flowspy/flowspy
# cp settings.py.dist settings.py
# cp urls.py.dist urls.py
Then, you have to edit the settings.py file to correspond to your needs. The settings one has to focus on are:
## Settings.py
Its time to configure `settings.py` in order to connect flowspy with a database, a network device and a broker.
So lets edit settings.py file.
It is strongly advised that you do not change the following to False
values unless, you want to integrate FoD with you CRM or members
database. This implies that you are able/have the rights to create
database views between the two databases:
PEER_MANAGED_TABLE = True
PEER_RANGE_MANAGED_TABLE = True
PEER_TECHC_MANAGED_TABLE = True
By doing that the corresponding tables as defined in peers/models will
not be created. As noted above, you have to create the views that the
tables will rely on.
### Administrators
ADMINS: set your admin name and email (assuming that your server can send notifications)
### Secret Key
Please put a random string in `SECRET_KEY` setting.
Make this *unique*, and don't share it with anybody. It's the unique identifier of this instance of the application.
### Allowed hosts
A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent an attacker from poisoning caches and password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe webserver configurations.
For example:
ALLOWED_HOSTS = ['*']
### Protected subnets
Subnets for which source or destination address will prevent rule creation and notify the `NOTIFY_ADMIN_MAILS`.
PROTECTED_SUBNETS = ['10.10.0.0/16']
### Database
`DATABASES` should contain the database credentials:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'flowspy',
'USER': '<db user>',
'PASSWORD': '<db password>',
'HOST': '<db host>',
'PORT': '',
}
}
### Localization
By default Flowspy has translations for English and Greek. In case you want to add
another language, or remove one of the existing, you can change the `LANGUAGES`
variable and follow [django's localization documentation](https://docs.djangoproject.com/en/1.4/topics/i18n/translation/#localization-how-to-create-language-files)
You might want to change `TIME_ZONE` setting too. Here is a [list](http://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
### Cache
Flowspy uses cache in order to be fast. We recomend the usage of memcached, but
any cache backend supported by django should work fine.
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
### Network device access
We have to inform django about the device we set up earlier.
NETCONF_DEVICE = "device.example.com"
NETCONF_USER = "<netconf user>"
NETCONF_PASS = "<netconf password>"
NETCONF_PORT = 830
### Beanstalkd
Beanstalk configuration (as a broker for celery)
BROKER_HOST = "localhost"
BROKER_PORT = 11300
POLLS_TUBE = 'polls'
BROKER_URL = "beanstalk://localhost:11300//"
### Notifications
Outgoing mail address and prefix.
SERVER_EMAIL = "Example FoD Service <noreply@example.com>"
EMAIL_SUBJECT_PREFIX = "[FoD] "
NOTIFY_ADMIN_MAILS = ["admin@example.com"]
If you have not installed an outgoing mail server you can always use your own account (either corporate or gmail, hotmail ,etc) by adding the
following lines in settings.py:
EMAIL_USE_TLS = True #(or False)
EMAIL_HOST = 'smtp.example.com'
EMAIL_HOST_USER = 'username'
EMAIL_HOST_PASSWORD = 'yourpassword'
EMAIL_PORT = 587 #(outgoing)
### Whois servers
Add two whois servers in order to be able to get all the subnets for an AS.
PRIMARY_WHOIS = 'whois.example.com'
ALTERNATE_WHOIS = 'whois.example.net'
### Branding
Fill your company's information in order to show it in flowspy.
BRANDING = {
'name': 'Example.com',
'url': 'https://example.com',
'footer_iframe': 'https://example.com/iframes/footer/',
'facebook': '//facebook.com/example.com',
'twitter': '//twitter.com/examplecom',
'phone': '800-12-12345',
'email': 'helpdesk@example.com',
'logo': 'logo.png',
'favicon': 'favicon.ico',
}
### Shibboleth
Flowspy supports shibboleth authentication.
SHIB_AUTH_ENTITLEMENT = 'urn:mace'
SHIB_ADMIN_DOMAIN = 'example.com'
SHIB_LOGOUT_URL = 'https://example.com/Shibboleth.sso/Logout'
SHIB_USERNAME = ['HTTP_EPPN']
SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL']
SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME']
SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME']
SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT']
### Syncing the database
To create all the tables needed by FoD we have to run the following commands:
cd /srv/flowspy
./manage.py syncdb --noinput
./manage.py migrate
## Create a superuser
A superuser can be added by using the following command from `/srv/flowspy/`:
./manage.py createsuperuser
## Propagate the flatpages
Inside the initial\_data/fixtures\_manual.xml file we have placed 4
flatpages (2 for Greek, 2 for English) with Information and Terms of
Service about the service. To import the flatpages, run from root
folder:
python manage.py loaddata initial_data/fixtures_manual.xml
### Celery
Celery is a distributed task queue, which helps FoD run some async tasks, like applying a flowspec rule to a router.
`Note` In order to check if celery runs or even debug it, you can run:
./manage.py celeryd --loglevel=debug
### Testing/Debugging
In order to see what went wrong you can check the following things.
#### Django
You can start the server manually by running:
./manage.py runserver 127.0.0.1:8081
By doing so, you can serve your application like gunicord does just to test that its starting properly. This command should not be used in production!
Of course you have to stop gunicorn and make sure that port 8081 is free.
#### Gunicorn
Just curl from the server http://localhost:8081
#### Celery
In order to check if celery is working properly one can start celery by typing:
./manage.py celeryd --loglevel=debug
Again this is for debug purposes.
#### Connectivity to flowspec device
Just try to connect with the credentials you entered in settings.py from the host that will be serving flowspy.
#### General Test
Log in to the admin interface via https://<hostname>/admin. Go to Peer ranges and add a new range (part of/or a complete subnet), eg. 10.20.0.0/19 Go to Peers and add a new peer, eg. id: 1, name: Test, AS: 16503, tag: TEST and move the network you have created from Available to Chosen. From the admin front, go to User, and edit your user. From the bottom of the page, select the TEST peer and save. Last but not least, modify as required the existing (example.com) Site instance (admin home->Sites). You are done. As you are logged-in via the admin, there is no need to go through Shibboleth at this time. Go to https://<hostname>/ and create a new rule. Your rule should be applied on the flowspec capable device after aprox. 10 seconds.
## Footer
Under the templates folder (templates), you can alter the footer.html
file to include your own footer messages, badges, etc.
## Welcome Page
Under the templates folder (templates), you can alter the welcome page -
welcome.html with your own images, carousel, videos, etc.
## Usage
### Web interface
FoD comes with a web interface, in which one can edit and apply new routes.
### Rest Api
FoD provides a rest api. It uses token as authentication method.
### Generating Tokens
A user can generate a token for his account on "my profile" page from FoD's
UI. Then by using this token in the header of the request he can list, retrieve,
modify and create rules.
### Example Usage
Here are some examples:
#### GET items
- List all the rules your user has created (admin users can see all the rules)
curl -X GET https://fod.example.com/api/routes/ -H 'Authorization: Token <Your users token>'
- Retrieve a specific rule:
curl -X GET https://fod.example.com/api/routes/<rule_id>/ -H 'Authorization: Token <Your users token>'
- In order to create or modify a rule you have to use POST/PUT methods.
#### POST/PUT rules
In order to update or create rules you can follow this example:
##### Foreign Keys
In order to create/modify a rule you have to connect the rule with some foreign keys:
###### Ports, Fragmentypes, protocols, thenactions
When creating a rule, one can specify:
- source port
- destination port
- port (if source = destination)
That can be done by getting the url of the desired port instance from `/api/ports/<port_id>/`
Same with Fragmentypes in `/api/fragmenttypes/<fragmenttype_id>/`, protocols in `/api/matchprotocol/<protocol_id>/` and then actions in `/api/thenactions/<action_id>/`.
Since we have the urls we want to connect with the rule we want to create, we can make a POST request like the following:
curl -X POST -H 'Authorization: Token <Your users token>' -F "name=Example" -F "comments=Description" -F "source=0.0.0.0/0" -F "sourceport=https://fod.example.com/api/ports/7/" -F "destination=203.0.113.12" https://fod.example.com/api/routes/
And here is a PUT request example:
curl -X PUT -F "name=Example" -F "comments=Description" -F "source=0.0.0.0/0" -F "sourceport=https://fod.example.com/api/ports/7/" -F "destination=83.212.9.93" https://fod.example.com/api/routes/12/ -H 'Authorization: Token <Your users token>'
# Configuration v1.7
Time to configure flowspy.
First of all you have to copy the dist files to their proper position:
......
......@@ -7,16 +7,18 @@ combination of a Shibboleth attribute and the peer network address range
that the user originates from. FoD is meant to operate over this
architecture:
+-----------+ +------------+ +------------+
| FoD | NETCONF | flowspec | ebgp | router |
| web app +----------> device +--------> |
+-----------+ +------+-----+ +------------+
| ebgp
|
+------v-----+
| router |
| |
+------------+
```
+-----------+ +------------+ +------------+
| FoD | NETCONF | flowspec | ebgp | router |
| web app +----------> device +--------> |
+-----------+ +------+-----+ +------------+
| ebgp
|
+------v-----+
| router |
| |
+------------+
```
NETCONF is chosen as the mgmt protocol to apply rules to a single
flowspec capable device. Rules are then propagated via igbp to all
......@@ -28,7 +30,14 @@ case the flowspec capable device is an EX4200.
>
> Make sure your FoD server has SSH access to your flowspec device.
# Contact
# Contact
You can find more about FoD or raise your issues at [Github FoD
repository].
You can contact us directly at fod{at}geant[dot]net
# GRNET Contact
You can find more about FoD or raise your issues at [Github FoD
repository].
......@@ -37,11 +46,15 @@ You can contact us directly at dev{at}noc[dot]grnet(.)gr
# Repositories
- [Github FoD repository](https://github.com/grnet/flowspy)
- [GEANT Github FoD repository](https://github.com/GEANT/FOD)
- [GRNET Github FoD repository](https://github.com/grnet/flowspy)
## Copyright and license
Copyright © 2017-2021 GÉANT4-3 WP8 T3
Copyright © 2010-2017 Greek Research and Technology Network (GRNET S.A.)
This program is free software: you can redistribute it and/or modify
......
# Debian Wheezy (x64) - Django 1.4.x
# Installing Flowspy v1.3 on Debian Wheezy (x64) - Django 1.4.x
The following document describes the installation process of Firewall On Demand
on a Debian Wheezy machine with Django 1.4
......
# Installing Flowspy
# Installing Flowspy v1.3 Generic
This guide provides general information about the installation of Flowspy. In case you use Debian Wheezy or Red Hat Linux, we provide detailed instructions for the installation.
Also it assumes that installation is carried out in `/srv/flowspy`
......
# Installing Flowspy v1.3 on Redhat
The following document describes the installation process of Firewall On Demand
on a redhat 6.5 machine with linux 2.6.32-431.17.1.el6.x86_64.
......
# Installing Flowspy v1.7 with Docker
This guide provides general information about the installation of Flowspy. In case you use Debian Wheezy or Red Hat Linux, we provide detailed instructions for the installation.
Also it assumes that installation is carried out in `/srv/flowspy`
directory. If other directory is to be used, please change the
corresponding configuration files. It is also assumed that the `root` user
will perform every action.
TO UPDATE
## Requirements
### System Requirements
# Installing Flowspy v1.7 Generic
This guide provides general information about the installation of Flowspy. In case you use Debian Wheezy or Red Hat Linux, we provide detailed instructions for the installation.
Also it assumes that installation is carried out in `/srv/flowspy`
directory. If other directory is to be used, please change the
corresponding configuration files. It is also assumed that the `root` user
will perform every action.
TO UPDATE
## Requirements
### System Requirements
In order to install FoD properly, make sure the following software is installed on your computer.
- apache 2
- memcached
- libapache2-mod-proxy-html
- gunicorn
- beanstalkd
- mysql
- python
- pip
- libxml2-dev
- libxslt-dev
- gcc
- python-dev
### Pip
In order to install the required python packages for Flowspy you can use pip:
pip install -r requirements.txt
### Create a database
If you are using mysql, you should create a database:
mysql -u root -p -e 'create database fod'
### Download Flowspy
You can download Fod from GRNETs github repository. Then you have to unzip the file and place it under /srv.
cd /tmp
wget https://github.com/grnet/flowspy/archive/v1.2.zip
unzip v1.2.zip
mv flowspy-1.2 /srv/flowspy/
### Copy dist files
cd /srv/flowspy/flowspy
cp settings.py.dist settings.py
cp urls.py.dist urls.py
### Device Configuration
Flowspy generates and commits flowspec rules to a
device via netconf. You have to create an account
with rw access to flowspec and set these credentials
in settings.py. See Configuration for details.
### Adding some default data
Into `/srv/flowspy` you will notice that there is a directory called `initial_data`. In there, there is a file called `fixtures_manual.xml` which contains some default static pages for django's flatpages app. In this file we have placed 4 flatpages (2 for Greek, 2 for English) with Information and Terms of Service about the service. To import the flatpages, run from `/srv/flowspy`:
./manage.py loaddata initial_data/fixtures_manual.xml
### Beanstalkd
Just start beanstalk already!
service beanstalkd start
### Apache2
Apache proxies gunicorn. Things are more flexible here as you may follow your own configuration and conventions.
#### Example config
Here is an example configuration.
<VirtualHost *:80>
ServerName fod.example.org
DocumentRoot /var/www
ErrorLog /var/log/httpd/fod_error.log
LogLevel debug
CustomLog /var/log/httpd/fod_access.log combined
RewriteEngine On
RewriteRule ^/(.*) https://fod.example.com/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProtocol TLSv1
SSLCertificateFile /home/local/GEANT/dante.spatharas/filename.crt
SSLCertificateKeyFile /home/local/GEANT/dante.spatharas/filename.key
SSLCACertificateFile /home/local/GEANT/dante.spatharas/filename.crt
Alias /static /srv/flowspy/static
AddDefaultCharset UTF-8
IndexOptions +Charset=UTF-8
#SSLProxyEngine off
ProxyErrorOverride off
ProxyTimeout 28800
ProxyPass /static !
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
`Important!` You have to comment out/disable the default `Virtualhost` defined on line 74 until the end of this block at `/etc/httpd/conf.d/ssl.conf `.
### Gunicorn
FoD is served via gunicorn and is then proxied by Apache. If the above
directory conventions have been followed so far, then your configuration
should be:
CONFIG = {
'mode': 'django',
'working_dir': '/srv/flowspy',
'args': (
'--bind=127.0.0.1:8081',
'--workers=1',
'--worker-class=egg:gunicorn#gevent',
'--timeout=30',
'--debug',
'--log-level=debug',
'--log-file=/var/log/gunicorn/fod.log',
),
}
site_name: Firewall On Demand
repo_url: https://github.com/grnet/flowspy/
#repo_url: https://github.com/grnet/flowspy/
repo_url: https://github.com/GEANT/FOD/
#site_author: Stavros Kroustouris
site_author: GÉANT4-3 WP8 T3
docs_dir: doc
site_author: Stavros Kroustouris
theme: readthedocs
pages:
#theme: readthedocs
#pages:
nav:
- 'Introduction': 'index.md'
- 'Installation':
- 'Generic': 'installation/generic.md'
- 'Debian': 'installation/debian_wheezy.md'
- 'Red Hat': 'installation/redhat.md'
- 'Configuration': 'configuration.md'
- 'API': 'api.md'
- 'v1.3':
- 'Generic': 'installation/v1.3/generic.md'
- 'Debian': 'installation/v1.3/debian_wheezy.md'
- 'Red Hat': 'installation/v1.3/redhat.md'
- 'v1.7':
- 'Generic': 'installation/v1.7/generic.md'
- 'Docker': 'installation/v1.7/docker.md'
- 'Configuration':
- 'v1.3': 'configuration/configuration-v1.3.md'
- 'v1.7': 'configuration/configuration-v1.7.md'
- 'API':
- 'v1.3': 'api/api-v1.3.md'
- 'v1.7': 'api/api-v1.7.md'
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment