close Warning: Can't synchronize with repository "(default)" (/usr/svn/silverfile does not appear to be a Subversion repository.). Look in the Trac log for more information.

Changes between Version 3 and Version 4 of administration/cacti


Ignore:
Timestamp:
Apr 10, 2009, 11:40:52 PM (13 years ago)
Author:
greg
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • administration/cacti

    v3 v4  
    11monitor.silverfilecorp.com:2240
    22(no login yet, need to get into sudoers)
     3= Cacti Server and Remote Host Setup =
     4== Initial Cacti Server Setup ==
     5''This part needs to be done only once''
     6
     7Create a new user named 'cacti' to run the ssh tunnels
     8{{{
     9###create the user and home directory -m = make home directory
     10pw useradd cacti -m
     11###set the password for cacti
     12passwd cacti
     13}}}
     14
     15Create the private/public key for authentication
     16{{{
     17###This should be run from the cacti server logged in as the cacti user
     18###Press enter twice to accept the defaults. Use no pass phrase.
     19ssh-keygen -t rsa
     20}}}
     21
     22Create a bash script to open up the ssh tunnels. We need to figure out the best way to close the
     23tunnels before this script runs once we have many SilverFile boxes to monitor. If the script is run while
     24the existing tunnels are open, additional tunnels will be opened up which will get messy.
     25Perhaps a perl or python script would be better for this.
     26{{{
     27###This should be run from the cacti server logged in as the cacti user.
     28#!/bin/sh
     29rm /home/cacti/tunnel.log
     30###Server1.remotesilverfilebox.com
     31### Each additional SilverFile box will get an entry like this one. The tunnel port number will
     32###increase by one and the box address will be unique.
     33ssh -N -L 16000:127.0.0.1:161 snmp@server1.remotesilverfilebox.com >> /home/cacti/tunnel.log &
     34###Example of next remote host
     35###ssh -N -L 16001:127.0.0.1:161 snmp@server2.remotesilverfilebox.com >> /home/cacti/tunnel.log &
     36}}}
     37
     38That's it until we have a remote host to monitor.
     39
     40== Remote Host setup ==
     41Setup snmp and a no-login user to tranfer the data to the Cacti server
     42
     43Install snmp and some snmp utilities
     44{{{
     45###Install snmp and run it as a daemon
     46apt-get install snmpd
     47###Optional, intall some tools to use for testing if you want
     48apt-get install snmp
     49}}}
     50Create a backup of the conf file and add our settings
     51{{{
     52###Make a copy of the original
     53cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
     54###Edit snmpd.conf
     55vim /etc/snmp/snmpd.conf
     56}}}
     57Change (or comment out and add a new line) the line starting with com2sec so it reads:
     58  com2sec readonly default public (where public is the name of our community string)
     59And add the following line to switch the port from upd to tcp
     60   agentaddress tcp:161
     61
     62Restart the snmpd daemon
     63{{{
     64/etc/init.d/snmpd restart
     65}}}
     66Optional: Test that snmp is producing data
     67{{{
     68snmpwalk -v 1 -c public tcp:localhost:161
     69}}}
     70Make a new user for the ssh tunnel to connect to.
     71{{{
     72###add a regular user w/login for now. We'll remove login-ability later
     73adduser snmp
     74###Give snmp a password for now. write it down for later.
     75passwd snmp
     76}}}
     77That's all on the remote client for now.
     78
     79== Setup access to remote hosts from the cacti server ==
     80
     81Login as the ssh tunnel user and copy the public rsa key to the remote host.
     82{{{
     83###While logged in as ssh tunnel user.
     84###This will connect to the remote host, create the ~/.ssh directory on the remote host and create then write
     85###the public rsa key to the file ~/.ssh/authorized_keys. If the authorized_keys file already exists the key will
     86###be appended to the file.
     87cat ~/.ssh/id_rsa.pub | ssh snmp@krs.bit-box.com 'mkdir .ssh && cat >>.ssh/authorized_keys'
     88}}}
     89
     90Edit the tunnels.ssh file by adding the new host in a line similar to the others. Increase the 16000 range port by
     91one and use the new host's url. Save the file. make the file executable
     92{{{
     93chmod +x tunnels.sh
     94}}}
     95
     96At this point it might be best to just initiate the tunnel from the command line. Once we get a script that
     97will kill all the existing tunnels and then re-establish them all we'll be able to just run the script. For now
     98Just copy the line you added to the script and run it from the command line.
     99
     100Now just log into the Cacti web-admin and configure the new client. Click on Devices and add a new device. The settings should be:
     101Description: server1.silverfilecorp.com
     102Hostname: tcp:127.0.0.1
     103Host Template: ucd/net SNMP Host
     104SNMP Community: public
     105SNMP Version: Version 2
     106SNMP Port: 16000
     107
     108Make sure you put in the specific Description, Community and the SNMP Port for that host.
     109
     110Next configure the graphs you want. Seperate wiki
     111
     112
     113
     114
     115
     116
     117
     118
     119
     120