Open source/bare bones provisioning and management

Over the years I've seen a few guys in here mention that they run their own tools in-house for provisioning and management of Canopy gear. Right now we have a nightmare combination of Wireless Manager and some custom tools I wrote for PMP-100 and PMP-320. It's a little cumbersome, and cnMaestro is so far not living up to expectations. So, writing my own that does everything I need it to is is next on my to-do list.

I figured I should reach out and ask, first of all, what are you guys running? Is it suitable for sharing? Saving work would be great! :)

However, assuming I roll my own, would there be any interest in an open-source version? I am not a professional developer so there would likely be a bit of shoe-horning required, my code is pretty ugly, and support from me would be pretty minimal. My plan is to basically have it work like Prizm used to.

- Entirely web-based front end

- Simple provisioning
- Generation of configuration files for so-called zero-touch

- IP, VLAN, QoS, and config file pushed as RADIUS VSAs
- Redundant server support

- Basic graphing

- Some kind of integration with CNUT for upgrades

- User-configurable tags and other categories (eg. "show me APs with commercial clients")

- Basic API/NBI/whatever for integration into your intranet tools

- Notes fields for stats tracking

- Integrated troubleshooting tools maybe (trigger a link test, record the results in the DB?)

- PMP-100 and PMP-450x support

We have our own system based on freeradius with mysql for authentication/qos control. EAP-TTLS makes the problem of a missing/non recoverable sm no longer a problem. Basic setup is simple: choose your flavor of linux, grab the packages for freeradius (try to get freeradius 3.0 as it supports live changes, no service restarts to commit changes), MySQL or MariaDB and daloradius. You dont have to setup daloradiys but we do use the sql primers for simple consistency and the fact that you can use daloradius to prime the database and get the radius backend working before developing the web frontend. Be warned that epmp does not yet support radius pod or coa or enough vsa control to make what you are wanting. So no change of plan on data cap without some very intresting hacks and code. What we have done is use another server to monitor data use using MRTG,rrdtool and the routers2.cgi combination give acces to the raw numbers in a format we can use to provide data caps on a cron basis and will allow you to bring this info into your own frontend by just using the parts of the cgi script where you need them.
Its not clean nor is it the best solution but it does make it easier to work with to get what we want and on a flavor of linux that we like.

I do suggest that you use php with some cgi extensions as your framework. That way you can access the database directly and be able to send snmp commands to the sm, which now needs to have a management interface with an ip in the management network, effectively tripling your managed devices.
Cnut, we still use it because it works so well. A little heavy on the snmp useage but it can see a new sm and force the sm to upgrade to the current firmware if its not correct. It would be better if cnut could automatically detect a device thats pre 2.2 ( still seeing sm’s at 1.3 and 2.1) and step through the required order. Try to think of cnut as a seperate system that runs on its own in the corner. Update the available firmwares on it and activate devices for auto upgrade.
Zero-touch would be nice, the sms can use tftp to copy their config from the server but this does not work for eap certificates. There is no provision to get/use a public rootCA from a web address yet. The certificate must be uploaded to the sm to be used.

By the way, we have a mix of canopy 100 and epmp and though the radius vsa based plans require one for each platform ( you get weird erros and functionality if you combine the two in a single plan) both work flawlessly on the above setup.