| 3 | = Cacti Server and Remote Host Setup = |
| 4 | == Initial Cacti Server Setup == |
| 5 | ''This part needs to be done only once'' |
| 6 | |
| 7 | Create a new user named 'cacti' to run the ssh tunnels |
| 8 | {{{ |
| 9 | ###create the user and home directory -m = make home directory |
| 10 | pw useradd cacti -m |
| 11 | ###set the password for cacti |
| 12 | passwd cacti |
| 13 | }}} |
| 14 | |
| 15 | Create the private/public key for authentication |
| 16 | {{{ |
| 17 | ###This should be run from the cacti server logged in as the cacti user |
| 18 | ###Press enter twice to accept the defaults. Use no pass phrase. |
| 19 | ssh-keygen -t rsa |
| 20 | }}} |
| 21 | |
| 22 | Create a bash script to open up the ssh tunnels. We need to figure out the best way to close the |
| 23 | tunnels before this script runs once we have many SilverFile boxes to monitor. If the script is run while |
| 24 | the existing tunnels are open, additional tunnels will be opened up which will get messy. |
| 25 | Perhaps a Perl or Python script would be better for this. |
| 26 | {{{ |
| 27 | #!/bin/sh |
| 28 | ###This should be run from the cacti server logged in as the cacti user. |
| 29 | rm -f /home/cacti/tunnel.log |
| 30 | ###Server1.remotesilverfilebox.com |
| 31 | ###Each additional SilverFile box will get an entry like this one. The tunnel port number will |
| 32 | ###increase by one and the box address will be unique. ssh reports errors on stderr, so log that too. |
| 33 | ssh -N -L 16000:127.0.0.1:161 snmp@server1.remotesilverfilebox.com >> /home/cacti/tunnel.log 2>&1 & |
| 34 | ###Example of next remote host |
| 35 | ###ssh -N -L 16001:127.0.0.1:161 snmp@server2.remotesilverfilebox.com >> /home/cacti/tunnel.log 2>&1 & |
| 36 | }}} |
| 37 | |
| 38 | That's it until we have a remote host to monitor. |
| 39 | |
| 40 | == Remote Host setup == |
| 41 | Set up snmp and a no-login user to transfer the data to the Cacti server |
| 42 | |
| 43 | Install snmp and some snmp utilities |
| 44 | {{{ |
| 45 | ###Install snmp and run it as a daemon |
| 46 | apt-get install snmpd |
| 47 | ###Optional, install some tools to use for testing if you want |
| 48 | apt-get install snmp |
| 49 | }}} |
| 50 | Create a backup of the conf file and add our settings |
| 51 | {{{ |
| 52 | ###Make a copy of the original |
| 53 | cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig |
| 54 | ###Edit snmpd.conf |
| 55 | vim /etc/snmp/snmpd.conf |
| 56 | }}} |
| 57 | Change (or comment out and add a new line) the line starting with com2sec so it reads: |
| 58 | com2sec readonly default public (where public is the name of our community string) |
| 59 | And add the following line to switch the port from UDP to TCP: |
| 60 | agentaddress tcp:161 |
| 61 | |
| 62 | Restart the snmpd daemon |
| 63 | {{{ |
| 64 | /etc/init.d/snmpd restart |
| 65 | }}} |
| 66 | Optional: Test that snmp is producing data |
| 67 | {{{ |
| 68 | snmpwalk -v 1 -c public tcp:localhost:161 |
| 69 | }}} |
| 70 | Make a new user for the ssh tunnel to connect to. |
| 71 | {{{ |
| 72 | ###add a regular user w/login for now. We'll remove login-ability later |
| 73 | adduser snmp |
| 74 | ###Give snmp a password for now. Write it down for later. |
| 75 | passwd snmp |
| 76 | }}} |
| 77 | That's all on the remote client for now. |
| 78 | |
| 79 | == Setup access to remote hosts from the cacti server == |
| 80 | |
| 81 | Log in as the ssh tunnel user and copy the public rsa key to the remote host. |
| 82 | {{{ |
| 83 | ###While logged in as ssh tunnel user. |
| 84 | ###This will connect to the remote host, create the ~/.ssh directory there if it does not exist, and write |
| 85 | ###the public rsa key to the file ~/.ssh/authorized_keys. If the authorized_keys file already exists the key will |
| 86 | ###be appended to the file. |
| 87 | cat ~/.ssh/id_rsa.pub | ssh snmp@krs.bit-box.com 'mkdir -p .ssh && chmod 700 .ssh && cat >>.ssh/authorized_keys' |
| 88 | }}} |
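The key copied above lets the Cacti server log in as the regular snmp user. One way to narrow that key to the SNMP forward, as an added example that is not part of the original page: run it on the remote host as snmp. The function name and the `OPTS` value are assumptions, and `restrict` needs OpenSSH 7.2 or later.

```shell
#!/bin/sh
# Added example, not from the original page. restrict turns off pty, agent,
# X11 and all forwarding for this key; port-forwarding plus permitopen then
# re-enable -L forwarding to the local SNMP agent only.
OPTS='restrict,port-forwarding,permitopen="127.0.0.1:161"'

# install_tunnel_key AUTHORIZED_KEYS_FILE PUBLIC_KEY_FILE
# Idempotent: an earlier entry for the same key is replaced, not duplicated.
install_tunnel_key() {
    auth=$1; pub=$2
    # Expect exactly one "type base64 [comment]" line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "need exactly one key" >&2; return 1; }
    read -r ktype blob comment <"$pub" || true
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "missing key data" >&2; return 1; }
    dir=$(dirname "$auth")
    # sshd ignores authorized_keys when these are writable by others.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    tmp=$(mktemp "$dir/ak.XXXXXX")
    # Keep every other key, drop any existing line carrying this key blob.
    grep -vF -e " $blob" "$auth" >"$tmp" || true
    printf '%s %s %s%s\n' "$OPTS" "$ktype" "$blob" "${comment:+ $comment}" >>"$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

Called as `install_tunnel_key ~/.ssh/authorized_keys id_rsa.pub`, where `id_rsa.pub` is the Cacti server's public key copied to the remote host.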
| 89 | |
| 90 | Edit the tunnels.sh file by adding the new host in a line similar to the others. Increase the 16000 range port by |
| 91 | one and use the new host's url. Save the file and make it executable: |
| 92 | {{{ |
| 93 | chmod +x tunnels.sh |
| 94 | }}} |
| 95 | |
| 96 | At this point it might be best to just initiate the tunnel from the command line. Once we get a script that |
| 97 | will kill all the existing tunnels and then re-establish them all, we'll be able to just run the script. For now, |
| 98 | just copy the line you added to the script and run it from the command line. |
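One way to write the restart-safe script that this paragraph and the earlier note on tunnels.sh ask for, as an added example that is not the original tunnels.sh: each tunnel gets a pidfile, so a rerun skips tunnels that are still up and `restart` kills only the tunnels it started. `RUN_DIR`, `SSH_BIN` and the `TUNNELS` list format are assumptions.

```shell
#!/bin/sh
# Added example, not the original tunnels.sh. RUN_DIR, SSH_BIN and TUNNELS
# (one "local_port remote_host" pair per line) are assumptions.
RUN_DIR="${RUN_DIR:-/home/cacti/tunnels}"
SSH_BIN="${SSH_BIN:-ssh}"
TUNNELS="${TUNNELS:-16000 server1.remotesilverfilebox.com}"

# True if the pidfile for this local port names a live process.
tunnel_alive() {
    pidfile="$RUN_DIR/$1.pid"
    [ -s "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null
}

# Start one tunnel unless its recorded process is still running.
start_tunnel() {
    port=$1; host=$2
    mkdir -p "$RUN_DIR"
    if tunnel_alive "$port"; then echo "running $port"; return 0; fi
    # BatchMode: never prompt. ExitOnForwardFailure: exit if the port is
    # taken. ServerAlive*: exit on a dead link so the next run replaces it.
    "$SSH_BIN" -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:$port:127.0.0.1:161" "snmp@$host" \
        >>"$RUN_DIR/tunnel.log" 2>&1 &
    echo $! >"$RUN_DIR/$port.pid"
    echo "started $port"
}

# Kill every tunnel this script started and remove its pidfile.
stop_tunnels() {
    for pidfile in "$RUN_DIR"/*.pid; do
        [ -e "$pidfile" ] || continue
        kill "$(cat "$pidfile")" 2>/dev/null || true
        rm -f "$pidfile"
    done
}

start_all() {
    echo "$TUNNELS" | while read -r port host; do
        if [ -n "$port" ]; then start_tunnel "$port" "$host"; fi
    done
}

case "${1:-}" in
    start)   start_all ;;
    stop)    stop_tunnels ;;
    restart) stop_tunnels; start_all ;;
esac
```

Binding the forward to `127.0.0.1` keeps the tunneled SNMP ports reachable only from the Cacti server itself.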
| 99 | |
| 100 | Now just log into the Cacti web-admin and configure the new client. Click on Devices and add a new device. The settings should be: |
| 101 | Description: server1.silverfilecorp.com |
| 102 | Hostname: tcp:127.0.0.1 |
| 103 | Host Template: ucd/net SNMP Host |
| 104 | SNMP Community: public |
| 105 | SNMP Version: Version 2 |
| 106 | SNMP Port: 16000 |
| 107 | |
| 108 | Make sure you put in the specific Description, Community and the SNMP Port for that host. |
| 109 | |
| 110 | Next, configure the graphs you want (separate wiki page). |