I have 11 openwrt-based accesspoints in the building. Sometimes I need to add a virtual network with custom password. I don't like to iterate through accesspoints to change parameters. This is difficult and generate mistakes.
I would love to have a dedicated server (a virtual machine) that would keep and update all configuration. Is there a solution for that?
I know I can create a script that generates a configuration for each accesspoint and then scp it to all devices but before I do anything from scratch, I'll rather ask here. I don't plan to reinvent the wheel (unless the wheel is in fact no invented). I feel the simultaneous configuration is quite a common problem in a typical network with accesspoints.
Update: this is not only problem of passwords – this would be solved using Radius server but Radius cannot solve some other things like:
- creating new essids
- assigning essids to vlans
- enabling/disabling essid broadcasting
- etc., etc., etc.
You asked: "OpenWrt configuration on the remote server: Is there a solution for that?"
I'm daily dealing with more than 80 OpenWRT boxes (three hardware platform running a mix of Backfire (some), Attitude Adjustment (most of them) and Barrier Braker (some)) and... last year I started searching deeply about a "configuration management" platform, suited for OpenWRT.
Here below, my findings:
OpenWISP: in my opinion, it's very promising. They have built a "custom" firmware (nothing more than the "stock" one with some bash script added and a custom-list of already-installed packages) that, once flashed, simply "connect" (via OpenVPN client) to the central server and download the configuration to apply locally. There are also a nice web-interface by which you can easily "deploy" new APs. Unfortunately it's not perfect: "templates" (of configurations), for example, can be defined and applied but.... afterwards, changes in the template will NOT be pushed to child APs. Also, the whole management software stack is written in Ruby (and Rails) and... this could be a problem, if you don't "master" those languages/platforms. When we tested it, it was based on Backfire. Now, if I'm right, it's available also for updated release (Attitude or Barrier, I don't remember). Also, the website is surely not much updated so... refer to the GitHub repository for detailed info. In short: it definitely worth a look.
Sci-Fi: a platform developed by a Brasilian University (as far as I understand... as the documentation seems brasilian) that seems interesting. It's slightly old (a couple of year) but, again, seems interesting. The management platform is JavaEE (JBoss) with PostgreSQL as backend. It should be able --if I'm right-- to be adopted on top of stock firmware
AirKey: they declare themselves with: "AirKey is a central management platform for OpenWRT based access points.". I haven't investigated much, as it's not much updated (last update, 4 year ago!)
CarrierWRT, also, even if not strictly related to central-management, could be of some interest. Here, as far as I remember, one of the show-stopper is the limited hardware supported (but, please, check yourself).
As you said: "I don't plan to reinvent the wheel (unless the wheel is in fact no invented)", you might be tempted to build something on your own. In such a case, please take into account that:
After the all of this, I ended deciding that... it was time to switch to an "official" configuration-management-platform and, as for the tipical constraint of the OpenWRT platform, my choice is Ansible as it can be run on top of SSH and has no other serious dependencies. There are something already built for such scenarios (check here and here) but I still have to test it.
So I agree with @Michael Hampton's comment "Ansible is pretty close to ideal for this" and in my opinion, should be the first thing to evaluate as, after all, you can really consider your single OpenWRT box as a common linux system to be managed with a "common" configuration management engine.
About OpenWISP, now there's a new manager software not ruby dependable, the installation is pretty straightforward: OpenWISP 2 Controller
You may also integrate it in your existing django project by extending its main module: django-netjsonconfig.
Also you don't need to compile a new openwisp firmware for your routers, you may just install the configuration component which makes your current openwrt installation be provisioned by the manager: openwisp-config.
You may install that component, for example, by issuing the following command:
Regards!
Cassio
This isn't exactly the answer to your question, but you might want to consider RADIUS as the authentication mechanism, instead of updating the config of each AP. AFAIU you need flexible user/password configuration.