@ -50,7 +50,7 @@ The following features are available or planned to be implmented:
|
|||||||
!!! info
|
!!! info
|
||||||
It's only possible to obtain a MAC Address if the scanner is on the same L2 network (Broadcast Domain). Within the docs you will find the different methods available to achieve this.
|
It's only possible to obtain a MAC Address if the scanner is on the same L2 network (Broadcast Domain). Within the docs you will find the different methods available to achieve this.
|
||||||
|
|
||||||
- [**ToDo** Remote Network Scanning](https://gitlab.com/nofusscomputing/projects/ansible/collections/phpipam_scan_agent/-/issues/1)
|
- Remote Network Scanning
|
||||||
|
|
||||||
- [**ToDo** Resolve DNS names](https://gitlab.com/nofusscomputing/projects/ansible/collections/phpipam_scan_agent/-/issues/4)
|
- [**ToDo** Resolve DNS names](https://gitlab.com/nofusscomputing/projects/ansible/collections/phpipam_scan_agent/-/issues/4)
|
||||||
|
|
||||||
|
|||||||
@ -38,6 +38,7 @@ nofusscomputing_phpipam_scan_agent:
|
|||||||
|
|
||||||
http_port: 5000 # Optional, Integer. http port to connect to the server.
|
http_port: 5000 # Optional, Integer. http port to connect to the server.
|
||||||
http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to.
|
http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to.
|
||||||
|
auth_token: # Optional, String. The Scan-Agent server authentication token.
|
||||||
|
|
||||||
cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache.
|
cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache.
|
||||||
epoch_time_offset: 0 # optional, int. Value in seconds to offset the time
|
epoch_time_offset: 0 # optional, int. Value in seconds to offset the time
|
||||||
@ -93,3 +94,11 @@ The scanner component has the following workflow:
|
|||||||
1. upload scan report to configured Server.
|
1. upload scan report to configured Server.
|
||||||
|
|
||||||
1. workflow complete.
|
1. workflow complete.
|
||||||
|
|
||||||
|
|
||||||
|
## Remote network Scannning
|
||||||
|
|
||||||
|
Once the [server component](server.md#remote%20network%20scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server.
|
||||||
|
|
||||||
|
!!! danger "Security"
|
||||||
|
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
||||||
|
|||||||
@ -37,6 +37,7 @@ nofusscomputing_phpipam_scan_server:
|
|||||||
|
|
||||||
# Server Component Variables
|
# Server Component Variables
|
||||||
http_port: 5000 # Optional, Integer. The port for the Server component to listen for connections.
|
http_port: 5000 # Optional, Integer. The port for the Server component to listen for connections.
|
||||||
|
auth_token: # Optional, String. Token used to authentication Agents.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -56,3 +57,13 @@ The Server componet has the following workflow:
|
|||||||
- _if no results found, no further processing occurs_
|
- _if no results found, no further processing occurs_
|
||||||
|
|
||||||
1. Update the phpIPAM MariaDB/MySQL database directly
|
1. Update the phpIPAM MariaDB/MySQL database directly
|
||||||
|
|
||||||
|
|
||||||
|
## Remote network Scannning
|
||||||
|
|
||||||
|
Remote network scanning is possible with the Scan-Agent. The server must be setup and have connectivity to the phpIPAM MariaDB/MySQL database. Currently the server does not perform secure communication. As such you are strongly encouraged to setup the server component behind a reverse proxy that conducts the TLS termination.
|
||||||
|
|
||||||
|
The [scan](scanner.md#remote%20network%20scannning) and server component must be setup with the same `auth_token`. It is this token that provides a means to ensure that what the server is receiving, is from an authorized client.
|
||||||
|
|
||||||
|
!!! danger "Security"
|
||||||
|
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
||||||
|
|||||||
@ -6,6 +6,7 @@
|
|||||||
ansible.eda.webhook:
|
ansible.eda.webhook:
|
||||||
host: 0.0.0.0
|
host: 0.0.0.0
|
||||||
port: "{{ nofusscomputing_phpipam_scan_server.http_port | default(5000) | int }}"
|
port: "{{ nofusscomputing_phpipam_scan_server.http_port | default(5000) | int }}"
|
||||||
|
token: "{{ nofusscomputing_phpipam_scan_server.auth_token | default('no-token-set') }}"
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
|
|
||||||
|
|||||||
@ -16,3 +16,5 @@ nofusscomputing_phpipam_scan_agent:
|
|||||||
client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token]
|
client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token]
|
||||||
client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
|
client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
|
||||||
scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]
|
scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]
|
||||||
|
|
||||||
|
# auth_token: # Optional, String. The Scan-Agent server authentication token.
|
||||||
|
|||||||
@ -11,3 +11,5 @@ nofusscomputing_phpipam_scan_server:
|
|||||||
|
|
||||||
# Server Component Variables
|
# Server Component Variables
|
||||||
# http_port: 5000 # Optional, Integer. The port for the Server component to listen for connections.
|
# http_port: 5000 # Optional, Integer. The port for the Server component to listen for connections.
|
||||||
|
|
||||||
|
# auth_token: # Optional, String. Token used to authentication Agents.
|
||||||
@ -67,6 +67,8 @@
|
|||||||
|
|
||||||
- name: Upload Scan Results - {{ subnet.address }}
|
- name: Upload Scan Results - {{ subnet.address }}
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
|
headers:
|
||||||
|
Authorization: "Bearer {{ nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') }}"
|
||||||
url: "{{
|
url: "{{
|
||||||
nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server)
|
nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server)
|
||||||
}}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/"
|
}}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/"
|
||||||
|
|||||||
Reference in New Issue
Block a user