Hi. I'm trying to setup a Hobbit configuration so that I can monitor groups of servers for my clients and then give them access to a page with just their own servers on them.
I've done this in the past and just password protected the specific directory (page) that I didn't want anyone else to go to but now I want the client who logs in to ONLY see their own data... as though it was their own instance of Hobbit.
If I just use subpages it works okay except that the user can go ti "Views" --> "Main View" an see every one else's information. So that won't work for privacy reasons.
So I searched far and wide and found the topic of "Alternate Pagesets". I set that up and it looked fine at first but didn't seem much different than just subpages because they could still go to "Views" ---> "Main View" and see everyone's information again. So that didn't do the trick.
My ultimate goal is to look like each client has their own hobbit setup where the client can do Availability reports and look at the Non-Green Views.
So my questions are:
Am I setting up Alternate Pagesets wrong? Can Alternate Pagesets do what I want?
If not, then how can I achieve what I want without creating different instances of Hobbit.
Thanks
-ted
You can keep people out of pages you don't want them to see easily enough using the Apache security apparatus, you just need to protect every directory with an .htaccess file. They can still do the view->main thing, but if they do they will be challenged for a password which presumably they don't have.
I don't think is is possible to limit the reports using alternate pagesets. The reporting appears to be an all or nothing type of deal.
Thanks, Larry Barber
On 6/7/06, Ted M Harapat <ted at mob.net> wrote:
Hi. I'm trying to setup a Hobbit configuration so that I can monitor groups of servers for my clients and then give them access to a page with just their own servers on them.
I've done this in the past and just password protected the specific directory (page) that I didn't want anyone else to go to but now I want the client who logs in to ONLY see their own data... as though it was their own instance of Hobbit.
If I just use subpages it works okay except that the user can go ti "Views" --> "Main View" an see every one else's information. So that won't work for privacy reasons.
So I searched far and wide and found the topic of "Alternate Pagesets". I set that up and it looked fine at first but didn't seem much different than just subpages because they could still go to "Views" ---> "Main View" and see everyone's information again. So that didn't do the trick.
My ultimate goal is to look like each client has their own hobbit setup where the client can do Availability reports and look at the Non-Green Views.
So my questions are:
Am I setting up Alternate Pagesets wrong? Can Alternate Pagesets do what I want?
If not, then how can I achieve what I want without creating different instances of Hobbit.
Thanks
-ted
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk
On Wed, Jun 07, 2006 at 03:45:38PM -0500, Ted M Harapat wrote:
My ultimate goal is to look like each client has their own hobbit setup where the client can do Availability reports and look at the Non-Green Views.
Since you're obviously concerned about keeping one customer away from another customers data (quite a worthy concern, I think), then you must look at creating separate sets of webpages for each of your customers.
Since you want the "Non-green" view to also work for each customer, I think the pageset setup is not good enough.
What I would do is to split the bb-hosts file into several files, one per customer. You can create a "master" file that just includes the customer files to get your own view of everything, but you can then use the customer-specific bb-hosts file as the input for bbgen to create the webpages. Let me explain:
You have two bb-hosts files: One for customer A, bb-hosts.A, and another for B, bb-hosts.B.
You have also setup the top-level directory where each customer gets his own Hobbit view, and configured that into your webserver with appropriate access rights, password protection etc. Let's say those are /var/www/hobbit/customerA/ and /var/www/hobbit/customerB/, accessed through the URL's http://bla.com/A-hobbit/ and http://bla.com/B-hobbit/
Now, the trick is to generate a set of Hobbit webpages for each customer. For that, you'll run the "bbgen" tool for each customer:
BBHOSTS=/home/hobbit/etc/bb-hosts.A
BBWEB=/A-hobbit
bbgen /var/www/hobbit/customerA
BBHOSTS=/home/hobbit/etc/bb-hosts.B
BBWEB=/B-hobbit
bbgen /var/www/hobbit/customerB
By selecting the customer-specific bb-hosts file when generating the webpages, bbgen automatically ignores all of the hosts that are not in the customers' bb-hosts file. (If you have some shared infrastructure hosts, you can in fact put them in both files and it will work OK). So you get a normal set of Hobbit webpages, but with links only to the customers' own hosts.
It's not completely secure, because the CGI scripts that generate the detailed status allow you to tweak the hostname in the URL, so if you know the hostname of another customers' system, then you can get the data about the host.
That's the gist of it. There is probably some issues I've missed (reporting, for instance), but I hope that will get you started.
Regards, Henrik
On Wed, 7 Jun 2006, Henrik Stoerner wrote:
It's not completely secure, because the CGI scripts that generate the detailed status allow you to tweak the hostname in the URL, so if you know the hostname of another customers' system, then you can get the data about the host.
That's the gist of it. There is probably some issues I've missed (reporting, for instance), but I hope that will get you started.
Thank you Henrik and Larry for the quick responses.
I did already try something a little more basic than this involving a shell script calling the bbgen command to create the reports on the split up bb-hosts files. It worked pretty well but it was a little too easy to end up seeing other hosts and reports in there.
So I think for ease of definite security (through separation), maintenance, and upgrades I will go with the different instances of Hobbit running on different ports.
Thanks for the great software work you've done here.
-ted
participants (3)
-
henrik@hswn.dk
-
lebarber@gmail.com
-
ted@mob.net