RANCID/WebSVN CentOS Howto

Tags

centos, network management, RANCID, websvn

Note:
1. Commands preceded with “$” imply that you should execute the command as a general user – not as root.
2. Commands preceded with “#” imply that you should be working as the root user.

Install Rancid

# yum install rancid

Configuration

1. Edit /etc/rancid/rancid.conf

# vi /etc/rancid/rancid.conf

2. Find this line in rancid.conf:

#LIST_OF_GROUPS=”sl joebobisp”

And, underneath it add the following line:

LIST_OF_GROUPS=”bdnog”

We want to use Subversion for our Version Control System, and not CVS, so find the line with the parameter RCSSYS:

RCSSYS=cvs; export RCSSYS

And, change it to:

RCSSYS=svn; export RCSSYS

and the line with CVSROOT:

CVSROOT=$BASEDIR/CVS; export CVSROOT

And, change it to:

CVSROOT=$BASEDIR/svn; export CVSROOT

Note the lowercase “svn”. Now exit and save the file.

3. Change to the rancid user:

# su -s /bin/bash rancid

Check that you ARE the rancid user:

$ id

4. Create /var/rancid/.cloginrc

$ vi /var/rancid/.cloginrc 
add user *.bdnog.org ssh_username
add password *.bdnog.org ssh_user_pass enable_pass
add method *.bdnog.org ssh

Note: You can also add IP address if you like to backup specific router/switch

add password 10.156.1.1 {user_password} {enable_password}

$ chown rancid:rancid /var/rancid/.cloginrc 
$ chmod 600 /var/rancid/.cloginrc

5. Test login to the router of your group:

$ /usr/libexec/rancid/clogin rtrX.bdnog.org

[After successful execution, you will be login to router enable mode]

6. Initialize the SVN repository for rancid:

$ /usr/libexec/rancid/rancid-cvs

7. Create the router.db file:

$ vi /var/rancid/bdnog/router.db

Add this line. Replace X with your group no.

rtrX.bdnog.org:cisco:up

8. Run rancid!

$ /usr/libexec/rancid/rancid-run

9. Look at the configs. The backed up configs will be saved in /var/rancid/<GROUP_NAME>/configs. In our cases group name is “bdnog”:

$ cd /var/rancid/bdnog/configs
$ less rtrX.bdnog.org

10. Check the rancid log files:

$ cd /var/log/rancid
$ ls -ll

Email Alert Configuration

1. Edit /etc/rancid/rancid.conf

Add this to the /etc/aliases file: (group names have to be named rancid-admin-<group listed in rancid.conf file) and rancid-<group listed in rancid.conf file>)

# Groups for rancid
rancid-admin-all: noc@bdnog.org
rancid-all: noc@bdnog.org

Save the file and run

#newaliases

CRON Schedule

1. For automated backup, you can setup CRON schedule. Please note that cron need to configured under user RANCID.

# su -s /bin/bash rancid
# crontab -e
# m h dom mon dow command
0 0 * * * /usr/libexec/rancid/rancid-run g

Install WEBSVN

# yum install websvn

Configuration

1. Fix permissions. The web server must be able to read the SVN (Subversion) folder

# chgrp -R apache /var/rancid/svn
# chmod g+w -R /var/rancid/svn

2. Change ownership of web files:

# chown apache:apache /usr/share/websvn

3. Add the following virtual host entry to your apache configuration file /etc/httpd/conf.d/websvn.conf:

Alias /websvn /usr/share/websvn
<Directory /usr/share/websvn/>
 DirectoryIndex index.php
 Options FollowSymLinks
 Options FollowSymLinks MultiViews
 Order allow,deny
 Allow from all
 <IfModule mod_php4.c>
 php_flag magic_quotes_gpc Off
 php_flag track_vars On
 </IfModule>
</Directory>

5. Reload apache and try to browse the websvn: http://<ip_address>/websvn.

Check you can access the WebSVN.

6. Now we add RANCID repository sites. Edit websvn configuration file.

# vi /usr/share/websvn/include/config.php
// Local repositories (without and with optional group):
// 
$config->addRepository(‘BDNOG’, ‘file:///var/rancid/svn/’);

Observium CentOS Howto

Tags

centos, network management, observium

Introduction

This guide whill show you how to perform an Observium installation on an CentOS/RHEL/Scientific Linux (referred to collectively as Enterprise Linux or EL) box. In this example, we use also a clean installation of EL.

Repositories

For more extended packagelist, we first install the RPM Forge and EPEL repositories:

x86_64

# rpm —import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

i386

# rpm —import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i386.rpm
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Packages

Now let’s install the needed packages for Observium:

# yum install httpd php php-mysql php-gd php-snmp vixie-cron php-mcryp php-pear net-snmp net-snmp-utils graphviz subversion mysql-server mysql rrdtool fping ImageMagick jwhois nmap ipmitool php-pear.noarch MySQL-python

On x86_64 systems this will tend to try to install i386 packages too unless you’ve explicitly blocked them, so you can try to install the x86_64 packages only:

# yum install httpd.x86_64 php.x86_64 php-mysql.x86_64 php-gd.x86_64 php-snmp.x86_64 vixie-cron.x86_64 php-mcrypt.x86_64 net-snmp.x86_64 net-snmp-utils.x86_64 graphviz.x86_64 subversion.x86_64 mysql-server.x86_64 mysql.x86_64 rrdtool.x86_64 fping.x86_64 ImageMagick.x86_64 jwhois.x86_64 nmap.x86_64 ipmitool.x86_64 php-pear.noarch MySQL-python.x86_64

Press y to confirm installation.

Install PEAR:

# pear install Net_IPv6
# pear install Net_IPv4

Downloading

# mkdir /opt/observium
# cd /opt
# wget http://www.observium.org/observium-community-latest.tar.gz
# tar zxvf observium-community-latest.tar.gz

Configuration

Change into the new install directory:

# cd observium

Database

Now we are going to install the mysql database. Because we have a clean install, we need to configure a root password to the mysqld:

# service mysqld start
# /usr/bin/mysqladmin -u root password ‘yournrewrootpassword’

Now enter mysql to create the new Observium database:

mysql -u root -p   <mysql root password>
mysql> CREATE DATABASE observium;
mysql> GRANT ALL PRIVILEGES ON observium.* TO ‘observium’@’localhost’ IDENTIFIED BY ‘<observium db password>’;
exit;

Configuration

Firstly, disable SELinux. You can do this temporarily with the following command:

# setenforce 0

We need to disable SELinux permanently, so you also need to change /etc/selinux/config so that the SELINUX option is set to permissive

# vi /etc/selinux/config
SELINUX=permissive

Copy the default configuration file and edit it for your system:

# cp config.php.default config.php

Edit config.php. Change the options to reflect your installation.

// Database config
$config[‘db_host’] = “localhost”;
$config[‘db_user’] = “observium”;
$config[‘db_pass’] = “<observium db password>”;
$config[‘db_name’] = “observium”;

Setup the MySQL database and insert the default schema:

# php includes/update/update.php

It is OK to have some errors in the SQL revisions up to 006.

Create the rrd directory to store RRDs in:

# mkdir rrd
# chown apache:apache rrd

If the server will be running *only* Observium, change /etc/httpd/conf/httpd.conf default to :

# vi /etc/httpd/conf/httpd.conf  <VirtualHost *:80>
DocumentRoot /opt/observium/html/
ServerName  observium.domain.com
CustomLog /opt/observium/logs/access_log combined
ErrorLog /opt/observium/logs/error_log
<Directory “/opt/observium/html/”>
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
</VirtualHost>

Create logs directory for apache

# mkdir /opt/observium/logs
# chown apache:apache /opt/observium/logs
# /etc/init.d/httpd restart

Add a first user, use level of 10 for admin:

# cd /opt/observium
# ./adduser.php <username> <password> <level>

Add a first device to monitor. You need to add related hostname in your DNS or /etc/hosts file.

# vi /etc/hosts
192.168.1.1  server0X.bdnog.org
[replace x with group no]
# ./add_device.php <hostname> <community> v2c

Do an initial discovery and polling run to populate the data for the new device:

# ./discovery.php -h all   ./poller.php -h all

Cron

Add cron jobs, create a new file /etc/cron.d/observium with the following contents:

3  */6   * * *   root    /opt/observium/discovery.php -h all » /dev/null 2>&1
*/5 *     * * *   root    /opt/observium/discovery.php -h new » /dev/null 2>&1
*/5 *     * * *   root    /opt/observium/poller.php -h all » /dev/null 2>&1

And reload the cron process:

# /etc/init.d/cron reload

Please note running only a single poller instance is good for initial testing, but do check the Performance tuning page for further performance enhancing options once you get going.

Final Points

You should now be able to see http://<server ip>

If everything works, let’s set the httpd and mysqld to startup when we reboot the server:

# chkconfig mysqld on
# chkconfig httpd on

Troubleshooting

Error 1: Could not ping <hostname>

Solution: Check fping location at /opt/observium/includes/defaults.inc.php file.

# whereis fping
# ln -s /usr/sbin/fping /usr/bin/fping

Error 2:  PHP Warning:  PHP Startup: Unable to load dynamic library ‘/usr/lib64/php/modules/module.so’

Solution: Edit /etc/php.d/mcrypt.ini

 ; Enable mcrypt extension module
extension=module.so

to

 ; Enable mcrypt extension module
extension=mcrypt.so

 Source: http://www.observium.org/wiki/RHEL_Installation

CentOS Local Mirror

Tags

centos, CentOS mirror, dhakacom

dhakaCom is now hosting local mirror of CentOS. All the CentOS lover can download latest IOS from there. Bellow is the link:

FTP: ftp://mirror.dhakacom.com/centos/
HTTP: http://mirror.dhakacom.com/centos/

You can configure your /etc/yum.repos.d/CentOS-Base.repo to take the update from dhakaCom mirror server.

[root@miror html]# vi /etc/yum.repos.d/CentOS-Base.repo

[base]
name=CentOS – Base
baseurl=http://mirror.dhakacom.com/centos/5.5/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/5.5/os/$basearch/RPM-GPG-KEY-CentOS-5

#released updates
[update]
name=CentOS – Updates
baseurl=http://mirror.dhakacom.com/centos/5.5/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/$releasever/os/$basearch/RPM-GPG-KEY-CentOS-5

#released extras
[extras]
name=CentOS – Extras
baseurl=http://mirror.dhakacom.com/centos/5.5/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/5.5/os/$basearch/RPM-GPG-KEY-CentOS-5

#released CentOSPlus
[centosplus]
name=CentOS – CentOSPlus
baseurl=http://mirror.dhakacom.com/centos/5.5/centosplus/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://mirror.dhakacom.com/centos/5.5/os/$basearch/RPM-GPG-KEY-CentOS-5

nfdump & nfsen installation guide

Tags

centos, linux, netflow, network management, nfdump, nfsen

Download Link:
http://nfdump.sourceforge.net/
http://nfsen.sourceforge.net/

nfdump installation:
Install RRDTool and flex (required for nfdump to compile)

# yum install perl-rrdtool rrdtool rrdtool-devel flex

Extract, and compile as follows (your rrdpath may differ, use which rrdtool):

# ./configure —enable-nfprofile —with-rrdpath=/usr/bin
# make
# make install

nfsen installation:
Extract and make a copy of the etc/nfsen-dist.conf and call it nfsen.conf

For CentOS 5.3, with a standard Apache install, the following changes can to be made to the nfsen.conf. Some are optional, but the user, wwwuser and wwwgroup are mandatory.

$BASEDIR = “/usr/local/nfsen”;
$HTMLDIR    = “/var/www/html/nfsen/”;
$USER    = “apache”;
$WWWUSER  = “apache”;
$WWWGROUP = “apache”;

Remove the default sample netflow devices, and add you own. The syntax  is fairly self explanatory: the name of the device, what port it’s  sending flows to, the colour which will represent the device on the web  interface, and the type.

‘COREROUTER’  => { ‘port’    => ‘9996’, ‘col’ => ‘#ff0000’, ‘type’ => ‘netflow’  }, 

Run the install script

# ./install.pl etc/nfsen.conf

The control script is located in /usr/local/nfsen/bin/nfsen.

NfSen will automatically configure and start the necessary nfdump processes. Start the nfsen process

# ./nfsen start

Now you should be able to browse to http://yourserver/nfsen/nfsen.php  and see a bunch of empty graphs, which will hopefully be populated with  many pretty colours over time.

Last thing we can do is set nfsen.php to be the default page for /nfsen in Apache. Create and edit /etc/httpd/conf.d/nfsen.conf

DirectoryIndex nfsen.php