...
This model enables you to use separate credentials for each slave or the same credentials for each slave, providing for simple configuration, and more secure configuration if required.
- To add new users see the documentation here for adding users to htpasswd
- After you have the users configured you will need to modify conf/opCommon.nmis, find the line "'opha_allowed_ips' => ['127.0.0.1'] and add the IP addresses of the opHA servers that are allowed to connect to the server you are configuring.
For example, if we want to allow the servers at 192.168.1.42 and 192.168.2.42 to connect to this server, we add them to conf/opCommon.nmis like this:
| Code Block |
|---|
'opha_allowed_ips' => ['127.0.0.1', '192.168.1.42', '192.168.2.42'], |
opHA Configuration
Server Name for opHA
Server names need to be lower case with no spaces, e.g. NMIS_Server24 is bad, nmis_server24 is good.
Add Servers to Servers.nmis
opHA supports slaves pushing updates or masters pulling updates (or both). If you want a slave to have the ability to push, it needs to have the servers it should push to in it's Servers.nmis file. Conversely if you want masters to be able to pull they need to have the slaves they should pull from in their Servers.nmis file. At this point it is good to draw yourself a diagram (if you have not already) to aid you in configuring each master and slave.
In addtion: each server (master and slave) needs to have a localhost entry which tells the server how to log in to itself.
The Servers nmis file is located at /usr/local/nmis8/conf/Servers.nmis, you will need to add a section for each server the daemon will be connecting to. The NMIS GUI can help you create these entries, to use it load up NMIS on the server you are configuring, and select "System->System Configuration->Servers" from the menu.
The default entries look like this:
opHA Configuration
Server Name for opHA
Server names need to be lower case with no spaces, e.g. NMIS_Server24 is bad, nmis_server24 is good.
Add Servers to Servers.nmis
opHA supports slaves pushing updates or masters pulling updates (or both). If you want a slave to have the ability to push, it needs to have the servers it should push to in it's Servers.nmis file. Conversely if you want masters to be able to pull they need to have the slaves they should pull from in their Servers.nmis file. At this point it is good to draw yourself a diagram (if you have not already) to aid you in configuring each master and slave.
In addtion: each server (master and slave) needs to have a localhost entry in Servers.nmis which tells the server how to log in to itself.
The Servers nmis file is located at /usr/local/nmis8/conf/Servers.nmis, you will need to add a section for each server the daemon will be connecting to. The NMIS GUI can help you create these entries, to use it load up NMIS on the server you are configuring, and select "System->System Configuration->Servers" from the menu.
The default entries look like this:
| Code Block | ||
|---|---|---|
| ||
'nmis1' => {
'community' => 'secret', # this is unused
'name' => 'nmis1', # what to name this server in the GUI
'config' => 'Config.nmis',
'protocol' => 'https',
'port' => '3000', # this should be 3000, the port that omkd runs on
'host' => 'nmis1.domain.com', # the name/ip address omkd will use to connect to the server
'portal_protocol' => 'http', # the next entries define how links in the master will appear, these can be ignored for master entries on slave omkd's
'portal_port' => '80',
'portal_host' => 'nmis1.alternate.com',
'cgi_url_base' => '/cgi-nmis8',
'url_base' => '/nmis8',
'user' => 'nmismst', # the user omkd will connect to this server with
'passwd' => 'C00kb00k' # the password omkd will connect to this server with
},
'nmis2' => {
'community' => 'secret',
'name' => 'nmis2',
'config' => 'Config.nmis',
'protocol' => 'http',
'port' => '3000',
'host' => '192.168.1.42',
'portal_protocol' => 'http',
'portal_port' => '80',
'portal_host' => 'nmis2 | ||
| Code Block | ||
| ||
'nmis1' => { 'community' => 'secret', # this is unused 'name' => 'nmis1', # what to name this server in the GUI 'config' => 'Config.nmis', 'protocol' => 'https', 'port' => '443', # this should be 3000, the port that omkd runs on 'host' => 'nmis1.domain.com', # the name/ip address omkd will use to connect to the server 'portal_protocol' => 'http', # the next entries define how links in the master will appear, these can be ignored for master entries on slave omkd's 'portal_port' => '80', 'portal_host' => 'nmis1.alternate.com', 'cgi_url_base' => '/cgi-nmis8', 'url_base' => '/nmis8', 'user' => 'nmismst', # the user omkd will connect to this server with'passwd' => 'C00kb00k' } |
Edit the entry to look like this, in this example the hostname of the slave is "vali":
| Code Block | ||
|---|---|---|
| ||
'vali' => { 'passwdcommunity' => 'C00kb00k' # the password omkd will connect to this server with }, 'nmis2' => { 'community' => 'secret', 'name' => 'nmis2can_be_empty', 'name' => 'vali', 'config' => 'Config.nmis', 'protocol' => 'http', 'port' => '803000', 'host' => '192.168.1.42vali', 'portal_protocol' => 'http', 'portal_port' => '80', 'portal_host' => 'nmis2vali', 'cgi_url_base' => '/cgi-nmis8', 'url_base' => '/nmis8', 'user' => 'nmismst', 'passwd' => 'C00kb00k' } |
Edit the entry to look like this, in this example the hostname of the slave is "vali":
| Code Block | ||
|---|---|---|
| ||
'vali' => {
'community' => 'can_be_empty',
'name' => 'vali',
'config' => 'Config.nmis',
'protocol' => 'http',
'port' => '3000',
'host' => 'vali',
'portal_protocol' => 'http',
'portal_port' => '80',
'portal_host' => 'vali',
'cgi_url_base' => '/cgi-nmis8',
'url_base' => '/nmis8',
'user' => 'nmismst',
'passwd' => 'C00kb00k'
} |
There are many options in this configuration but unless you are wanting to change the defaults considerably most of them will not matter. Currently using HTTPS is not supported in the protocol section. You can use different user and passwd permissions here.
...
There are many options in this configuration but unless you are wanting to change the defaults considerably most of them will not matter. Currently using HTTPS is not supported in the protocol section. You can use different user and passwd permissions here.
If you were presenting the Slave and needed to use an alternate connection, e.g. through a reverse proxy for presenting a portal, you would modify the portal_protocol, portal_port and portal_host accordingly.
Configure Authentication
- To add new users see the documentation here for adding users to htpasswd, the htpasswd file for opHA is in /usr/local/omk/conf/
- After you have the users configured you will need to modify /usr/local/omk/conf/opCommon.nmis, find the line "'opha_allowed_ips' => ['127.0.0.1'] and add the IP addresses of the opHA servers that are allowed to connect to the server you are configuring.
For example, if we want to allow the servers at 192.168.1.42 and 192.168.2.42 to connect to this server, we add them to conf/opCommon.nmis like this:
| Code Block |
|---|
'opha_allowed_ips' => ['127.0.0.1', '192.168.1.42', '192.168.2.42'], |
Testing Server Connections
...