wiki:administration/cacti
close Warning: Can't synchronize with repository "(default)" (/usr/svn/silverfile does not appear to be a Subversion repository.). Look in the Trac log for more information.

Version 12 (modified by greg, 14 years ago) (diff)

--

monitor.silverfilecorp.com:2240 (no login yet, need to get into sudoers)

Cacti Server and Remote Host Setup

Initial Cacti Server Setup

This part needs to be done only once

Create a new user on the Cacti server named 'cacti' to run the ssh tunnels 

###create the user and home directory. -m = make home directory
adduser cactitunnel
###set the password for cacti and keep a safe copy.
passwd cactitunnel

Create the private/public key for authentication 

###This should be run from the cacti server logged in as the cacti user
###Press enter twice to accept the defaults. Use no pass phrase.
ssh-keygen -t rsa

Create a bash script to open up the ssh tunnels. We need to figure out the best way to close the tunnels before this script runs once we have many SilverFile? boxes to monitor. If the script is run while the existing tunnels are open, additional tunnels will be opened up which will get messy. Perhaps a perl or python script would be better for this. 

###Create the file from the cacti user's home directory
vim tunnels.sh
###Add the following to the file

-----
###This should be run from the cacti server logged in as the cacti user.
#!/bin/sh
rm /home/cacti/tunnel.log
###Server1.remotesilverfilebox.com
### Each additional SilverFile box will get an entry like this one. The tunnel port number will
###increase by one and the box address will be unique. 
ssh -N -L 16000:127.0.0.1:161 snmptunnel@sf001.silverfilecorp.com >> /home/cactitunnel/tunnel.log &
###Example of next remote host
###ssh -N -L 16001:127.0.0.1:161 snmptunnel@sf001.silverfilecorp.com >> /home/cactitunnel/tunnel.log &

Make the file executable 

chmod +x tunnels.sh

That's it until we have a remote host to monitor.

Remote Host setup

Setup snmp and a user to transfer the data to the Cacti server

Install snmp and some snmp utilities 

###Install snmp and run it as a daemon
apt-get install snmpd
###Optional, install some tools to use for testing if you want
apt-get install snmp

Create a backup of the conf file and add our settings 

###Make a copy of the original
cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
###Edit snmpd.conf
vim /etc/snmp/snmpd.conf

Change (or comment out and add a new line) the line starting with com2sec so it reads:

'com2sec readonly default littlebigbear' (where littlebigbear is the name of our community string)

And add the following line to switch the port from upd to tcp

'agentaddress tcp:161'

Save the exit the file.

Restart the snmpd daemon 

/etc/init.d/snmpd restart

Optional: Test that snmp is producing data 

snmpwalk -v 1 -c public tcp:localhost:161

Make a new user for the ssh tunnel to connect to. 

###add a regular user w/login for now. We'll remove login-ability later
adduser snmptunnel
###Give snmp a password for now. write it down for later.
passwd snmptunnel

That's all on the remote client for now.

Setup access to remote hosts from the cacti server

Login as the ssh tunnel user and copy the public rsa key to the remote host. 

###While logged in as ssh tunnel user.
###This will connect to the remote host, create the ~/.ssh directory on the remote host and create then write
###the public rsa key to the file ~/.ssh/authorized_keys.
cat ~/.ssh/id_rsa.pub | ssh snmptunnel@sf001.silverfilecorp.com 'mkdir .ssh && cat >>.ssh/authorized_keys'

Edit the tunnels.ssh file by adding the new host in a line similar to the others. Increase the 16000 range port by one and use the new host's url. Save the file. make the file executable 

chmod +x tunnels.sh

At this point it might be best to just initiate the tunnel from the command line. Once we get a script that will kill all the existing tunnels and then re-establish them all we'll be able to just run the script. For now Just copy the line you added to the script and run it from the command line.

Remove shell login rights to the remote snmp user 

###On the remote host
usermod -s /bin/false snmp

Note: All the remote host setup should be done during the configuration of the SilverFile? box. This would eliminate the step of copying over the rsa public key from the Cacti server.

Now just log into the Cacti web-admin and configure the new client. Click on Devices and add a new device. The settings should be: Description: server1.silverfilecorp.com Hostname: tcp:127.0.0.1 Host Template: ucd/net SNMP Host SNMP Community: littlebigbear SNMP Version: Version 2 SNMP Port: 16000

Make sure you put in the specific Description, Community and the SNMP Port for that host.

Next configure the graphs you want. Seperate wiki maybe?