Versions Compared

Old Version 1

changes.mady.by.user Mark Dueck

Saved on

compared with

New Version 2

changes.mady.by.user Mark Dueck

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Copy the opHA tarball to the slave or master NMIS server (a tarball is a GZIP'd tar file, e.g. opHA-1.1.tar.gz)
    1. You may need to use SCP or FTP to get the file onto the server.
  • The file will now likely be in the users home directory.
  • If the installation directory does not already exist
  • Change into the directory where the tarball was copied
  • Untar the fileopHA will be installed into /usr/local/omk
Code Block
themeEmacs
unalias cp
cd ~/usr/local
tar xvf ~/opHA-<version>.tar.gz
cd opHA/
cp cgi-bin/connect.pl /usr/local/nmis8/cgi-bin/ 
cp lib/NMIS/Connect.pm /usr/local/nmis8/lib/NMIS# NB! If you get a message about timestamps in the future be sure to fix the clock on the server 
cd omk/

cp install/nmis/Access.nmis.opha /usr/local/nmis8/install
cp install/nmis/Tables.nmis.opha /usr/local/nmis8/install
cp install/nmis/Table-Nodes.nmis.opha /usr/local/nmis8/conf/Table-Nodes.nmis

cp install/nmis/BusinessServices.nmis /usr/local/nmis8/conf
cp install/nmis/Servers.nmis /usr/local/nmis8/conf
cp install/nmis/Customers.nmis /usr/local/nmis8/conf
cp install/nmis/ServiceStatus.nmis /usr/local/nmis8/conf
cp install/nmis/Tenants.nmis /usr/local/nmis8/conf
cp install/nmis/Table-* /usr/local/nmis8/conf
 
# Merge your current Access configuration with the opHA access configuration
/usr/local/nmis8/admin/updateconfig.pl /usr/local/nmis8/install/Access.nmis.opha /usr/local/nmis8/conf/Access.nmis 
/usr/local/nmis8/admin/updateconfig.pl /usr/local/nmis8/install/Tables.nmis.opha /usr/local/nmis8/conf/Tables.nmis 

/usr/local/nmis8/admin/fixperms.pl

...



cp install/omkd.init.d /etc/init.d/omkd
cp install/opCommon.nmis conf/
cp install/users.dat conf/

chown -R nmis:nmis /usr/local/omk
  
chkconfig --add omkd
service omkd start

Verify that the daemon is running:

Code Block
root@nmis64 script]# service omkd start
Starting omk daemon: 
[root@nmis64 script]# ps aux | grep opmantek
root 14949 1.1 3.0 213880 63504 pts/0 S 07:43 0:00 ./opmantek.pl daemon
root 14952 0.0 0.0 103224 864 pts/0 S+ 07:43 0:00 grep opmantek
[root@nmis64 script]#

If you do not see the daemon running, try this and look for the reason it is not working (skip this if everything above is fine)

Code Block
cd script
./opmantek.pl daemon
# if that does not give you any errors and runs, CTRL+C and then run
./opmantek.sh
# now grep for the opmantek process again, also check the log files in /usr/local/omk/log

opHA Authentication Model

opHA has a simple yet strong authentication model, to prevent unwanted access to NMIS data.

The slave The opHA daemon is configured with:

  • An NMIS opHA user and password, by default this is an Apache htpasswd file, defined in /usr/local/nmis8omk/conf/users.dat
  • An NMIS user, with associated privileges, defined in /usr/local/nmis8/conf/Users.nmis
  • An NMIS user The opHA user to use for the authentication policy enforcement, defined per Server in /usr/local/nmis8/conf/ConfigServers.nmis
  • Server Community, which the server must use to request data.

The master is configured with (for each slave):

  • (on the master if they are pulling, for the slaves if they are pushing)
  • An IP address list that defines who is allowed to connect to the daemon (depending on the operation a combination of ip address and login credentials is required)
  • An NMIS user and password, which needs to match the slave configuration
  • A slave/server community, which needs to match the slave configuration.

This model enables you to use separate credentials for each slave or the same credentials for each slave, providing for simple configuration, and more secure configuration if required.All communications between master and slave can be done over SSL if required, this is supported by configuring your server HTTPD to support SSL and then configuring the master, slave communications to use HTTPS.

opHA Slave Configuration

This configuration will be done on each NMIS Slave Server.  By default, the shared community for a slave is "secret" if you want to change this to something specific you can edit the NMIS Configuration item "slave_community" using your favourite text editor, edit this line and change secret to your desired opHA community string.

...