NetDirector: Open Source Configuration Management Goes GPL

by Mark on July 14, 2008

A few weeks ago I felt a little like a proud pappa, well maybe more like an uncle since I can’t claim to have been present for the conception. NetDirector, an open source configuration management tool that I helped get off the ground NetDirectorhas finally been released under the GNU Public License making it a bona fide open source application (it was previously licensed under the NetDirector Public license — the Mozilla Public License with an attribution clause).  NetDirector is a web-based Unix system administration tool that provides the ability to centrally manage  services. The thing that’s makes NetDirector unique is it’s ability to simultaneously manage multiple servers at once from a graphical interface. In comparison to the very popular Webmin which can configure many different services and server attributes but maintains a one-to-one ratio.

NetDirector Overview

NetDirector  is based on a client-server model. Agents reside on each server under management and are responsible for receiving and implementing configuration changes. The NetDirector server is a java application that controls all the agents and receives updates as well as pushes configurations and other data to the servers. Communication between the Agent and Server Manger is secured by encrypting the conversations with SSL. Configuration files are parsed and variables are entered through a form-based interface. Servers can be grouped in most any criterion (geography, function, etc.) then you can simultaneous edit server configurations across groups or individually.

NetDirector Screenshot

Some of the cooler features that make NetDirector very enterprise ready include:

  • Change scheduling capability – Schedule your changes for predefined maintenance windows
  • Rollback – All changes are logged and you can rollback to previous points in time
  • Role-based permissions – You can control access to server configurations using users and groups
  • Server configuration cloning – You can clone configurations to new and existing servers

You can use the NetDirector framework to manage many different services from a central console securely. Currently NetDirector has plugins for HTTP, DNS, DHCP, LDAP, Kerberos (beta), File and Print (Samba, NFS, FTP), Email, Users and Groups. You can also use NetDirector’s permission based publishing to control configuration files in their entirety rather than the parsed config files that are supported by each of the aforementioned plugins.

For those who want plugins NetDirector is open and extensible so anyone with Java development experience can add a module, or plugin. There are two main types of pugins – Service Plugins that provide an interface to manage an application (say Asterisk); Integration Plugins that integrate other management tools with NetDirector (say Patching and Provisioning, like Yum or apt).

One such plugin is a legacy plugin for the Red Hat Network. This addon is very cool as it allowed you to configure up2date RHN Plugin. This plugin only supports RHEL 3 and 4 since Red Hat now prefers to use YUM. However the idea that you could update your RHN channel preferences for each server simultaneously is a very useful feature and I would be jazzed to see an update to the plugin. Maybe even a cool combination with Red Hat’s Project Spacewalk.

If your preference is to manually configure flat files, NetDirector gives you the flexibility to manage this way while preserving the benefits of role-based access controls, change scheduling and change rollback. When you need to make several changes to different servers, rather than opening an SSH session to each box, you can instead log in to NetDirector once, edit the desired flat files and schedule everything for later. For example you could use NetDirector to update /etc/hosts across a group of servers.

NetDirector allows you to see your network from a simple web GUI, and see only the servers running the service you want to manage at a time. For example, if you need to make changes to your email system and select Postfix, the Server Tree will filter to only show you the servers in your network that are running Postfix.

The Future of NetDirector

I am very happy that NetDirector is now available under the GPL if I can say that there was one thing I could changed about the development of NetDirector was that it would have been released under this license initially (we had our reasons but not sure how good they were in hindsight). I think having the software under a free and open source license will encourage more people to get involved. It also makes it easier for many distributions to alter and redistribute. It has already been used as the management interface for SpikeSource’s Suite Two server. NetDirector would make an excellent admin interface for any number of other software products and NetDirector’s plug-able architecture should make it relatively to extend . Alternatively, Epoch Labs, the new maintainer of NetDirector, can work with you to develop a custom module for a fee (typical Plugins cost between $5,000 and $15,000 depending on complexity).

Also I think that NetDirector could be a good compliment to other configuration management software like Puppet. Puppet is an great way to build and configure servers initially but using NetDirector as an ongoing maintenance tool in conjunction with Puppet would be interesting. Or perhaps it could be in used as a master control agent for Webmin.

Currently the GPL release of NetDirector only has tarballs and a .deb package available but I am sure that Greg (the project lead) would be glad for packaging help and plugin developers. You can contact him through the NetDirector website.

Technorati Tags: , , , , ,

{ 2 trackbacks }

451 CAOS Theory » 451 CAOS Links - 2008.07.15
July 15, 2008 at 11:38 pm
People Over Process » Links for August 5th from 10:35 to 11:58
August 5, 2008 at 1:04 pm

{ 1 comment… read it below or add one }

gtewallace July 16, 2008 at 3:52 pm

“A few weeks ago I felt a little like a proud pappa, well maybe more like an uncle since I can’t claim to have been present for the conception.”

You’re in the South now, Mark – you can be both!! :-)

Thanks for the nice article!

Greg

Previous post:

Next post: