UNIX Password, Roles & Node Management: Inventory CGI

Inventory CGI

The Inventory CGI componant of Password Management provides a graphical inteface to your active and inactive inventory via web-based CGIs. It allows for easy navigation and association of data across all your nodes.

The entire CGI system is based on top of R: all inventory information, as well as ancillary data, is provided to the CGI via R handlers. Data from R is passed back to the user pretty much as-is.

Quick Setup

First, ensure that R is working correctly, and that the proper URI_PREFIX is set in the pwman.inv.r.url property.

Next, you'll need to configure your webserver. (Note: the only webserver configuration listed here is Apache's httpd, simply because it's the one R was written in mind for. Because R is pure CGI, there's nothing preventing it from being used by other webservers; they're not listed because Apache is pretty ubiquitous, and the author didn't have access to N webservers to test on.)

Sample httpd.conf configuration

The following is the barebones of what you need to get your Inventory CGI instance working underneath Apache's httpd. Insert this into the appropriate <VirtualHost> directive, after changing the pathing to be whereever you installed your Password Management instance into.

  ScriptAlias /cgi-bin/ "/opt/password_management/cgi-bin/"
  <Directory "/opt/password_management/cgi-bin/">
    DirectoryIndex  index.cgi
    AllowOverride   None
    Options         ExecCGI
    Order   allow,deny
    Allow   from all
    ## here-ish you'd want to put in some Auth directives. 

You can, of course, add in Auth directives inside the <Directory> block.

Available R handlers

All information about a node is obtained via R's node handler. If you want, you can have the Inventory CGI query additional R handlers for more information about a node. For example, you can enable the node/revisions handler to show the last 5 or 6 revisions of the node's NCF, or enable the dns handler to query A, PTR and TXT records. Or whatever R handlers are available.

To get a list of available, advertised R handlers, load up the capability handler into a browser:


...where URI_PREFIX is the R URL found in the pwman.r.url property.

To configure the Inventory CGI to use the R handlers you want, you need to modify the pwman.inv.r.handler_list property. It's syntax is thus:

  pwman.inv.r.handler_list = handler_name[/color] [, handler_name[/color]]...

...where handler_name is the name of the R handler you want to use, and color is the color scheme you want it displayed in. If color is omitted, it will default to blue.

Available configuration options

The following configuration options are available to the Inventory CGIs.

A valid R instance. The CGIs will use this instance to perform remote operations on. Defaults to the value set at pwman.r.uri_prefix, but this may not be what you want.

The user to authenticate with against the R instance specified at pwman.inv.r_instance. You need to set this if the R instance you're talking to is password-protected. Note this is related to pwman.r.remote.user, which is the comparison value. There is no default.

The password to authenticate with aginst the R instance specified at pwman.inv.r_instance. There is no default.

A list of R handlers that we will attempt to execute when showing a node. The list is order-specific: they will be displayed in the order shown here (but not executed nessecarly in this order). There is no default.
The name of the CGI. This gets prefixed to most titles and headers. There is no default for this property. It is preset to UNIX Node Inventory.

The absolute URL for the CGI interface. This value should not have a trailing slash /. There is no default for this property. It is preset to, which is where the Inventory CGIs were written.

The absolute URL for the CGIs. This value should not have a trailing slash /. Defaults to pwman.inv.url/cgi-bin.

Absolute pathname of the visual plugin directory. Defaults to $Bin/../plugins. It is preset to %%pwman.base_dir%%/cgi-bin/plugins.

Where the plugins will write their temporary files to. This directory will attempt to be created if it doesn't exist; it should be somewhere where the userid the webserver is running has write access to. Defaults to /tmp/.g_fork/plugin_temp.

The number of simultaneous children to run when executing the visual plugin set. Be careful setting this - too high, and your webserver may exhaust all your system resources. Defaults to 4.

The maximum amount of time to wait for a visual plugin to run, in seconds. If this is exceeded, the child will be terminated and the output ignored. Defaults to 10.

The default seperator for the dump_csv.cgi. (Note: this CGI is very deprecated with the advent of R, but we keep it around for the execs.) Defaults to |.

The default MIME format for the (deprecated) dump_csv.cgi. Defaults to text/csv.

The nameof the file sent to the client when a dump is successful. Defaults to inventory_dump.csv.

How empty data for tags should be displayed, if the user wants to see them as an error. See also: 'perldoc -f sprintf'. Defaults to ERR_NO_%s, where %s is the name of the tag.

See Also

R, the Covad::Pwman::Properties manpage, the Covad::Pwman::R_Client manpage, the Parallel::ForkManager manpage, the LWP::UserAgent manpage


Jon Gilbert <>


$Id: pwman_docs_cgi.pod,v 1.1 2005/10/20 07:48:31 jgilbertsjc Exp $ Logo