
INSTALL-CONFIG.md


How to install the package

This document does not cover how to use aclhound on a daily basis; it covers configuration and installation only.

To install the package, execute the following lines on the command line:

git clone https://github.com/job/aclhound.git
cd aclhound
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
sudo python setup.py install
sudo cp /etc/aclhound/aclhound.conf.dist /etc/aclhound/aclhound.conf
aclhound init
make test

Notes:

  • setup.py is run with sudo as it writes to /etc/
  • aclhound init creates the ~/.aclhound directory
  • install and configuration are needed for make test to run

Configuration files

aclhound.conf

This can be found in the /etc/aclhound/ directory.

This configuration file holds the base settings for aclhound itself, as well as the settings it needs to talk to Jenkins and Gerrit.

The following is an example configuration file:

; ACLHound system-wide configuration
[general]
local_only = false
policy_output_directory = /opt/aclhound/networkconfigs
project_name =
[jenkins]
hostname = aclhound001
port = 8080
username = aclhound
password =
[gerrit]
hostname = gerrit001
port = 29418
repository = networking
protocol = ssh
[user]
username =
location =

~/aclhound/.gitreview

This file is populated during the first (initialization) run of aclhound (see "First run" below). It contains the parameters to connect to Gerrit.

Example config:

 
[gerrit]
host=gerrit.remotehost
port=29418
project=aclhound-repos.git

.netrc

This file needs to be edited manually. It contains the login information that the aclhound tool uses for deployments from the command line (automatic logins). Documentation on .netrc can be found here: http://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
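Both aclhound.conf (the password option under [jenkins]) and .netrc (login entries) can hold credentials, so their file modes are worth checking after installation. The following Python check is an added example, not part of aclhound or of the original page. The policy it applies (no world-readable aclhound.conf once a password is set, no group or other access on .netrc), the function names and the constructed sample files are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

SECRET_KEYS = {"password"}  # the only secret-bearing option in the sample config

def file_mode(path):
    """Return the permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)

def audit_conf(path):
    """Flag an aclhound.conf that has a password set and is world-readable."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read(path)
    filled = [f"[{sec}] {key}" for sec in cp.sections()
              for key, val in cp.items(sec) if key in SECRET_KEYS and val.strip()]
    mode = file_mode(path)
    if filled and mode & stat.S_IROTH:
        return [f"{path}: {', '.join(filled)} is set but mode is {mode:04o}"]
    return []

def audit_netrc(path):
    """Flag a .netrc that grants any access to group or other."""
    mode = file_mode(path)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:04o} is wider than 0600"]
    return []

def demo():
    """Audit constructed sample files before and after tightening their modes."""
    with tempfile.TemporaryDirectory() as d:
        conf, netrc = os.path.join(d, "aclhound.conf"), os.path.join(d, ".netrc")
        with open(conf, "w") as f:  # constructed sample, not a real credential
            f.write("[jenkins]\nhostname = aclhound001\nusername = aclhound\n"
                    "password = constructed-example\n[user]\nusername =\n")
        with open(netrc, "w") as f:  # constructed sample entry
            f.write("machine device.example login constructed password constructed\n")
        os.chmod(conf, 0o644)
        os.chmod(netrc, 0o644)
        before = audit_conf(conf) + audit_netrc(netrc)
        os.chmod(conf, 0o640)
        os.chmod(netrc, 0o600)
        after = audit_conf(conf) + audit_netrc(netrc)
        return before, after

if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```

To audit a real installation, call audit_conf("/etc/aclhound/aclhound.conf") and audit_netrc(os.path.expanduser("~/.netrc")) instead of demo().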

First run

To deploy a clean working directory for ACLHound, log in as a normal user on a system which has the ACLHound software installed, and type:

"aclhound init"

This short setup step of ACLHound asks you 3 questions: username, location, and whether or not you'd like to clone the repository data (configured in aclhound.conf).

Jenkins integration

Syntax Validation

Configuration deployment

  • Make a new "freestyle project"
    • Give it a name (example: validate_aclhound_patchset)
    • at "Source Code Management" click "Git"
      • Type in the URL: ssh://[email protected]:29418/networking
      • Pick the proper credentials, of course
      • At "Additional Behaviours", choose "Gerrit Trigger" as a Strategy (drop down)
    • Move on to build triggers, and click "Gerrit event"
      • configure the proper server
      • Create 2 triggers: "patchset created" and "draft published"
    • Move on to "Build", and click on "execute shell"
      • Insert this:
        • pwd
        • ls
        • echo "a test build is now performed for all ACLs...."
        • sleep 2
        • aclhound build all
    • Move on to "Post-build actions", and configure it to send an email with the results
  • Make a new "freestyle project"
    • Give it a name (example: push_configs_to_network)
    • at "Source Code Management" click "Git"
      • Type in the URL: ssh://[email protected]:29418/networking
      • Pick the proper credentials, of course
    • Move on to build triggers, and click "Poll SCM"
      • insert the following schedule to have it run every morning at 10:10 on workdays: "10 10 * * 1-5"
    • Move on to "Build", and click on "execute shell"
      • Insert this:
        • echo "push config to network"
        • sleep 2
        • aclhound deploy all
    • Move on to "post build", and configure it to send an email with the results

 

ACL hound commands

- init Initialise aclhound end-user configuration.
 
 Initialise user-specific settings, ask the user for username on 
 repository server, location to store aclhound policy, ask to make
 initial clone.
Usage: aclhound [-d] init [--batch]
Options:
 --batch Automatically guess all settings (non-interactive mode).
 
 
- fetch Retrieve latest ACLHound policy from repository server.

- build Compile policy into network configuration, output on STDOUT
 
Show unified build for both IPv4 and IPv6 for a device.
Usage: aclhound build 
 aclhound build all
Arguments:
 
 The device file for which a network config must be generated.

 Build all network policies into their respective vendor specific
 representation. Useful as 'review' test in Jenkins.
Note: please ensure you run 'build' inside your ACLHound data directory 
 
 
 - deploy Deploy compiled configuration to a network device
 
 Deploy a compiled version of the ACLs on a network device
Usage: aclhound deploy 
 aclhound deploy all
Arguments:
 
 Hostname of the device on which the generated ACLs must be
 deployed.

 ACLHound will take all device files from devices/ (except
 filenames with a '.ignore' suffix), compile the policy and
 upload the policies to the device. "all" is suitable for cron or
 jenkins.
Note: please ensure you run 'deploy' inside your ACLHound data directory
 
 - reset Delete aclhound directory and fetch copy from repository.