| | 3 | = Cacti Server and Remote Host Setup = |
| | 4 | == Initial Cacti Server Setup == |
| | 5 | ''This part needs to be done only once'' |
| | 6 | |
| | 7 | Create a new user named 'cacti' to run the ssh tunnels |
| | 8 | {{{ |
| | 9 | ###create the user and home directory -m = make home directory |
| | 10 | pw useradd cacti -m |
| | 11 | ###set the password for cacti |
| | 12 | passwd cacti |
| | 13 | }}} |
| | 14 | |
| | 15 | Create the private/public key for authentication |
| | 16 | {{{ |
| | 17 | ###This should be run from the cacti server logged in as the cacti user |
| | 18 | ###Press enter twice to accept the defaults. Use no pass phrase. |
| | 19 | ssh-keygen -t rsa |
| | 20 | }}} |
| | 21 | |
| | 22 | Create a bash script to open up the ssh tunnels. We need to figure out the best way to close the |
| | 23 | tunnels before this script runs once we have many SilverFile boxes to monitor. If the script is run while |
| | 24 | the existing tunnels are open, additional tunnels will be opened up which will get messy. |
| | 25 | Perhaps a perl or python script would be better for this. |
| | 26 | {{{ |
| | 27 | ###This should be run from the cacti server logged in as the cacti user. |
| | 28 | #!/bin/sh |
| | 29 | rm /home/cacti/tunnel.log |
| | 30 | ###Server1.remotesilverfilebox.com |
| | 31 | ### Each additional SilverFile box will get an entry like this one. The tunnel port number will |
| | 32 | ###increase by one and the box address will be unique. |
| | 33 | ssh -N -L 16000:127.0.0.1:161 snmp@server1.remotesilverfilebox.com >> /home/cacti/tunnel.log & |
| | 34 | ###Example of next remote host |
| | 35 | ###ssh -N -L 16001:127.0.0.1:161 snmp@server2.remotesilverfilebox.com >> /home/cacti/tunnel.log & |
| | 36 | }}} |
| | 37 | |
| | 38 | That's it until we have a remote host to monitor. |
| | 39 | |
| | 40 | == Remote Host setup == |
| | 41 | Setup snmp and a no-login user to tranfer the data to the Cacti server |
| | 42 | |
| | 43 | Install snmp and some snmp utilities |
| | 44 | {{{ |
| | 45 | ###Install snmp and run it as a daemon |
| | 46 | apt-get install snmpd |
| | 47 | ###Optional, intall some tools to use for testing if you want |
| | 48 | apt-get install snmp |
| | 49 | }}} |
| | 50 | Create a backup of the conf file and add our settings |
| | 51 | {{{ |
| | 52 | ###Make a copy of the original |
| | 53 | cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig |
| | 54 | ###Edit snmpd.conf |
| | 55 | vim /etc/snmp/snmpd.conf |
| | 56 | }}} |
| | 57 | Change (or comment out and add a new line) the line starting with com2sec so it reads: |
| | 58 | com2sec readonly default public (where public is the name of our community string) |
| | 59 | And add the following line to switch the port from upd to tcp |
| | 60 | agentaddress tcp:161 |
| | 61 | |
| | 62 | Restart the snmpd daemon |
| | 63 | {{{ |
| | 64 | /etc/init.d/snmpd restart |
| | 65 | }}} |
| | 66 | Optional: Test that snmp is producing data |
| | 67 | {{{ |
| | 68 | snmpwalk -v 1 -c public tcp:localhost:161 |
| | 69 | }}} |
| | 70 | Make a new user for the ssh tunnel to connect to. |
| | 71 | {{{ |
| | 72 | ###add a regular user w/login for now. We'll remove login-ability later |
| | 73 | adduser snmp |
| | 74 | ###Give snmp a password for now. write it down for later. |
| | 75 | passwd snmp |
| | 76 | }}} |
| | 77 | That's all on the remote client for now. |
| | 78 | |
| | 79 | == Setup access to remote hosts from the cacti server == |
| | 80 | |
| | 81 | Login as the ssh tunnel user and copy the public rsa key to the remote host. |
| | 82 | {{{ |
| | 83 | ###While logged in as ssh tunnel user. |
| | 84 | ###This will connect to the remote host, create the ~/.ssh directory on the remote host and create then write |
| | 85 | ###the public rsa key to the file ~/.ssh/authorized_keys. If the authorized_keys file already exists the key will |
| | 86 | ###be appended to the file. |
| | 87 | cat ~/.ssh/id_rsa.pub | ssh snmp@krs.bit-box.com 'mkdir .ssh && cat >>.ssh/authorized_keys' |
| | 88 | }}} |
| | 89 | |
| | 90 | Edit the tunnels.ssh file by adding the new host in a line similar to the others. Increase the 16000 range port by |
| | 91 | one and use the new host's url. Save the file. make the file executable |
| | 92 | {{{ |
| | 93 | chmod +x tunnels.sh |
| | 94 | }}} |
| | 95 | |
| | 96 | At this point it might be best to just initiate the tunnel from the command line. Once we get a script that |
| | 97 | will kill all the existing tunnels and then re-establish them all we'll be able to just run the script. For now |
| | 98 | Just copy the line you added to the script and run it from the command line. |
| | 99 | |
| | 100 | Now just log into the Cacti web-admin and configure the new client. Click on Devices and add a new device. The settings should be: |
| | 101 | Description: server1.silverfilecorp.com |
| | 102 | Hostname: tcp:127.0.0.1 |
| | 103 | Host Template: ucd/net SNMP Host |
| | 104 | SNMP Community: public |
| | 105 | SNMP Version: Version 2 |
| | 106 | SNMP Port: 16000 |
| | 107 | |
| | 108 | Make sure you put in the specific Description, Community and the SNMP Port for that host. |
| | 109 | |
| | 110 | Next configure the graphs you want. Seperate wiki |
| | 111 | |
| | 112 | |
| | 113 | |
| | 114 | |
| | 115 | |
| | 116 | |
| | 117 | |
| | 118 | |
| | 119 | |
| | 120 | |
