| Table of Contents |
|---|
Installation Prerequisites
- The individual performing this installation has a small bit of Linux experience.
- Root access is available.
- Internet access is required for installing any missing but required software packages.
- NMIS must be installed on the same server that opHA is being installed on.
- You will need a license for opHA ( CONTACT US for an evaluation license ).
- opHA has to be installed onto the Master Primary and each Slave Poller NMIS server.
Preparation
- If you do not yet have a working installation of NMIS in your server, please follow the procedure in the NMIS 8 Installation Guide.
- Download opHA from the Opmantek website.
...
Transfer the opHA tarball onto all servers in question, the Master Primary and all the Slavespollers; either by direct download from the Opmantek website, or from your desktop with scp or sftp or a similar file transfer tool. Repeat the following steps for each involved server:
Become root and unpack the tarball:
Code Block # become rootsudo sh#root sudo sh # if the tarball was saved in a different location, adjust the following command cdtar cd # extract the tarball tar xzf opHA-x86_64-2.1.0.tgz
Start the interactive installer and follow its instructions:
Code Block sudo sh cd opHA-2.1.0/ ./installer ++++++++++++++++++++++++++++++++++++++++++++++++++++++ opHA (2.1.0) Installation script ++++++++++++++++++++++++++++++++++++++++++++++++++++++ This installer will install opHA into /usr/local/omk. To select a different installation location please rerun the installer with the -t option. ...
- The installer will interactively guide you through the steps of installing opHA. Please make sure to read the on-screen prompts carefully.
- When the installer finishes, opHA is installed into
/usr/local/omk, and the default configuration files are in/usr/local/omk/conf, ready for your initial config adjustments. - A detailed log of the installation process is saved as
/usr/local/omk/install.log, and subsequent upgrades or installations of other Opmantek products will add to that logfile. - For detailed information about the interactive installer please check the Opmantek Installer page.
Enter License and accept EULA
- a small warning: the installer may warn about two "incorrect checksum detected" for two files, if you install this version on top of the Opmantek Virtual Appliance version 8.5.6G or after other Opmantek applications that were released since opHA 2.1.1. These warnings are benign and you can safely confirm that the installer is allowed to 'overwrite' those files.
Enter License and accept EULA
If the daemon is loaded and the installation has gone well you If the daemon is loaded and the installation has gone well you should now be able to load the opHA GUI, from http://server_name:8042/omk/opHA. This URL should present you with a webpage that allows you to enter a license key and accept a EULA. This step will need to be completed on each opHA instance. After successful license key and EULA acceptance you will be presented with a dashboard that looks like this:
...
- An opHA user and password, by default this is an Apache htpasswd file, defined in
/usr/local/omk/conf/users.dat. - The opHA user to use for the authentication, defined per Server in
/usr/local/nmis8/conf/Servers.nmis(on the master Primary if they are pulling, for the slaves pollers if they are pushing) - An IP address list that defines who is allowed to connect to the daemon (depending on the operation a combination of ip address and login credentials is required)
This model enables you to use separate credentials for each slave poller or the same credentials for each slavepoller, providing for simple configuration, and more secure configuration if required.
...
Server names need to be lower case with no spaces, e.g. NMIS_Server24 is bad, nmis_server24 is good.
Server names need to be names not IP addresses, and should be the hostname not a FQDN, e.g. server NOT server.domain.com
Now set the server name in Config.nmis, search for server_name:
...
Add Servers to Servers.nmis
opHA supports slaves pollers pushing updates or masters Primaries pulling updates (or both). If you want a slave poller to have the ability to push, it needs to have the servers it should push to in it's Servers.nmis file. Conversely if you want masters Primaries to be able to pull they need to have the slaves pollers they should pull from in their Servers.nmis file. At this point it is good to draw yourself a diagram (if you have not already) to aid you in configuring each master Primary and slavepoller.
In addtionaddition: each server (master Primary and slavepoller) needs to have a localhost entry in Servers.nmis which tells the server how to log in to itself. NB: it must be 'localhost' in both the key and name portions, 127.0.0.1 will not work!
The Servers nmis file The Servers nmis file is located at /usr/local/nmis8/conf/Servers.nmis, you will need to add a section for each server the daemon will be connecting to. The NMIS GUI can help you create these entries, to use it load up NMIS on the server you are configuring, and select "System->System Configuration->Servers" from the menu.
The default entries look like this:
Important Notes:
- the name (key) cannot contain / or . and must match what is in the key (which is the first line opening each settings bracket 'key' => {
- if the name refers to an NMIS Poller server, it should match the setting in 'server_name' mentioned above.
- host must be a FQDN if it is not an IP (try using 127.0.0.1 if localhost does not work)
The default entries look like this:
Please read the COMMENTS for each entry CAREFULLY
| Code Block | ||
|---|---|---|
| ||
'key' => { ### this must match the server_name in Config.nmis on the poller
'name | ||
| Code Block | ||
| ||
'nmis1' => { 'name' => 'nmis1', # what to name this server in the GUI 'config' => 'Config.nmis', 'protocol' => 'http', # only HTTP is supported at this time 'port' => '8042key', # thisThe shouldname beof the portserver- thatmust omkd runs on, setmatch server_name in opCommon, 'omkd_listen_port' 'host' => 'nmis1.domain.com', # name/ip address omkd will use to connect to the server. Must be FQDN or IP, hostname.local might work 'userit's Config.nmis file it also what is displayed in the GUI, MUST match key in line above also 'config' => 'nmismstConfig.nmis', # user omkd will connect to this server with 'passwd 'protocol' => 'C00kb00khttp', # passwordonly omkdHTTP willis connectsupported toat this server withtime 'portal_hostport' => 'vali.opmantek.com8042', # this 'portal_port' => '80', 'portal_protocol' => 'http', 'cgi_url_baseshould be the port that omkd runs on, set in opCommon, 'omkd_listen_port' UNLESS CHANGED IT IS 8042 'host' => '/cgi-nmis8' } |
Edit the entry to look like this, in this example the hostname of the slave is "vali":
| Code Block | ||
|---|---|---|
| ||
'localhost' => { 'name' => 'localhost', 'config' => 'Config.nmis', 'protocol' => 'http', 'host' => 'localhost', 'port' => '8042', example.domain.com', # the hostname used by the opHA process to connect to the server and retreve node and summary data, it will match the nmis_host field in Config.nmis. It must be FQDN or IP and should match the one in Config.nmis, hostname.local might work 'user' => 'nmisnmismst', # user omkd will connect to this server with 'passwd' => 'nm1888C00kb00k' }, 'vali' => { 'name' => 'vali', 'config# password omkd will connect to this server with 'portal_host' => 'Configexample.domain.nmiscom', ## This 'protocol' => 'http', 'port' => '8042', is the FQDN used to make links to the poller it will match the 'host' => 'vali', 'user' => 'nmismst', 'passwd' => 'C00kb00k', 'portal_host' => 'vali.opmantek.com', entry above UNLESS you are using a proxy service to reach the poller in which case it is the FQDN used to refer to the poller through the proxy. 'portal_port' => '80', 'portal_protocol' => 'http', 'cgi_url_base' => '/cgi-nmis8' } |
There are many options in this configuration but unless you are wanting to change the defaults considerably most of them will not matter. Currently using HTTPS is not supported in the protocol section. You can use different user and passwd permissions here.
If you were presenting the Slave and needed to use an alternate connection, e.g. through a reverse proxy for presenting a portal, you would modify the portal_protocol, portal_port and portal_host accordingly.
Configure Authentication
- To add new users see the documentation here for adding users to htpasswd, the htpasswd file for opHA is in /usr/local/omk/conf/
- After you have the users configured you will need to modify /usr/local/omk/conf/opCommon.nmis, find the line "'opha_allowed_ips' => ['127.0.0.1'] and add the IP addresses of the opHA servers that are allowed to connect to the server you are configuring.
The ohha_allowed-ips entry contains an array of IP addresses. Each entry must be enclosed with single quotes and separated by commas. Failure to properly format this line will prevent the push/pull of data, although the Test Connection may pass. See the example below:
For example, if we want to allow the servers at 192.168.1.42 and 192.168.2.42 to connect to this server, we add them to conf/opCommon.nmis like this:
| Code Block |
|---|
'opha_allowed_ips' => ['127.0.0.1', '192.168.1.42', '192.168.2.42'], |
NB!! : Restart the daemon (needed after any config change)
| Code Block |
|---|
service omkd restart |
Testing Server Connections
Load the opHA dashboard (http://server_name:8042/omk/opHA/) and from the top menu, select "Views -> Servers". You should now be presented with a list of servers that you have configured for this opHA instance. There will be a column with links named "Test Sign In", select the server you would like to test, on successful sign in you will be presented with a page that says "Login Success". If you do not see this you will get an error giving you a hint at what is happening. You can use the logs in /usr/local/omk/log to help you determine what the issue is.
Refreshing the servers page after a successful signin will show the date of the last successful signin (as well as the last login error and last update).
IMPORTANT: If the date of either of your servers is not correct you will have an error signing in
Promoting NMIS to be a Master
By default, an NMIS server operates in standalone mode (which is also slave mode), to have NMIS behave in a masterly fashion, you will need to modify the configuration, so you can edit the NMIS Configuration item "sever_master" using your favourite text editor, edit this line and change from "false" to "true".
| Code Block | ||
|---|---|---|
| ||
'server_master' => 'true',
'nmis_master_poll_cycle' => 'false' # this must be false |
Adding Slave Groups to Master
On each slave you will need to determine which groups are currently in use.
| Code Block | ||
|---|---|---|
| ||
[root@vali conf]# grep group_list /usr/local/nmis8/conf/Config.nmis
'group_list' => 'HQ,HQDev', |
This will result in a list of groups which need to be added to the NMIS Master, edit /usr/local/nmis8/conf/Config.nmis and add these groups to that list, this is a comma separated list.
| Code Block | ||
|---|---|---|
| ||
'group_list' => 'NMIS8,DataCenter,Branches,Sales,Campus,HeadOffice,HQ,HQDev', |
Limiting Master Group Collection
opHA supports Multi-Master, that means you can have several masters collecting information from the same slaves if required. This could be especially useful if you wanted to have one master with all groups on a slave, and another master with different groups from different slaves, effectively sharing some information between groups.
To do this you use the group property in the Servers.nmis file. Edit the file and add the group property in and a regular expression in for the groups, this will take the form
| Code Block |
|---|
'group' => 'Brisbane|Boston|Saratoga', |
This will match all groups contain the sub-strings, Brisbane, Boston or Saratoga. A complete server entry would look like this.
| Code Block |
|---|
'demo' => {
'name' => 'demo',
'config' => 'Config',
'protocol' => 'http',
'port' => '8042',
'host' => '192.168.1.42',
'group' => 'Brisbane|Boston|Saratoga',
'user' => 'nmismst',
'passwd' => 'C00kb00k',
'portal_host' => 'demo.opmantek.com',
'portal_port' => '80',
'portal_protocol' => 'http',
'cgi_url_base' => '/cgi-nmis8'
}, |
Test Push/Pull
There are several ways to verify that the transfers are working correctly:
- use the GUI to do a pull or push (http://server_name:8042/omk/opHA/), select the server you want to push to or pull from (or select all to test them all) and press the appropriate button
the output will be a JSON document, with a hash entry for each successful file transfer:
Code Block { source: "vali", success: "Transfer complete", file_name: "nmis-summary8h", destination: "localhost" },On error there will be a hash entry with an error key along with information to help you solve the problem
Code Block { url: "http://vali:443/login", error: "Error signing in", server_signin_url: "http://localhost:8042/omk/opHA/servers/vali/signin", message: "Transaction was not a success.", server_name: "vali" },
- check the logs and watch the transfers happen
- view the list of configured servers and check the "Last Update" column
Running a Master Collection
There are two options to run opHA, using Cron or a as a post process after a NMIS does a collect. Pushes and pulls can be requested from anywhere, if they are requested from the localhost no authentication is required, if they are requested from elsewhere authentication is required.
Before you start make sure you have this in Config.nmis
| Code Block |
|---|
'nmis_master_poll_cycle' => 'false', |
To run from cron add this line to the crontab which runs your nmis collections. This line will push or pull (depending on which one you pick) to all servers. If you would only like to push or pull to a specific server replace "all" with the server name
| Code Block |
|---|
*/2 * * * * wget http://localhost:8042/omk/opHA/servers/all/[push|pull] -o /dev/null# all servers
*/2 * * * * wget http://localhost:8042/omk/opHA/servers/vali/pull -o /dev/null # just pull server vali |
This will get your collections running every 2 minutes regardless of other polling.
To run after an NMIS collect, put a script like this in /usr/local/nmis8/bin/nmis_post_proc.pl
Edit the entry to look like this, in this example the hostname of the poller is "vali":
| Code Block | ||
|---|---|---|
| ||
'localhost' => {
'name' => 'localhost',
'config' => 'Config.nmis',
'protocol' => 'http',
'host' => '127.0.0.1',
'port' => '8042',
'user' => 'nmis',
'passwd' => 'nm1888'
},
'vali' => {
'name' => 'vali',
'config' => 'Config.nmis',
'protocol' => 'http',
'port' => '8042',
'host' => 'vali.opmantek.com',
'user' => 'nmismst',
'passwd' => 'C00kb00k',
'portal_host' => 'vali.opmantek.com',
'portal_port' => '80',
'portal_protocol' => 'http',
'cgi_url_base' => '/cgi-nmis8'
} |
There are many options in this configuration but unless you are wanting to change the defaults considerably most of them will not matter. Currently using HTTPS is not supported in the protocol section. You can use different user and passwd permissions here.
If you were presenting the poller and needed to use an alternate connection, e.g. through a reverse proxy for presenting a portal, you would modify the portal_protocol, portal_port and portal_host accordingly.
Configure Authentication
- To add new users see the documentation here for adding users to htpasswd, the htpasswd file for opHA is in /usr/local/omk/conf/
- After you have the users configured you will need to modify /usr/local/omk/conf/opCommon.nmis, find the line "'opha_allowed_ips' => ['127.0.0.1']
- Pollers do the following: add the IP addresses of the Primary Server(s) that are allowed to connect to the server you are configuring.
- Primary Servers do the following: add the IP addresses of every Poller Server that it will manage.
The ohha_allowed-ips entry contains an array of IP addresses. Each entry must be enclosed with single quotes and separated by commas. Failure to properly format this line will prevent the push/pull of data, although the Test Connection may pass. See the example below:
For example we add them to conf/opCommon.nmis like this:
Primary Server opCommon.nmis setting for "opha_allowed_ips"
| Code Block |
|---|
'opha_allowed_ips' => ['127.0.0.1', 'Poller1IP', 'Poller2IP'], |
Poller opCommon.nmis setting for "opha_allowed_ips"
| Code Block |
|---|
'opha_allowed_ips' => ['127.0.0.1', 'Master1IP', 'Master2IP'], |
NB!! : Restart the daemon (needed after any config change)
| Code Block |
|---|
service omkd restart |
Testing Server Connections
Load the opHA dashboard (http://server_name:8042/omk/opHA/) and from the top menu, select "Views -> Servers". You should now be presented with a list of servers that you have configured for this opHA instance. There will be a column with links named "Test Sign In", select the server you would like to test, on successful sign in you will be presented with a page that says "Login Success". If you do not see this you will get an error giving you a hint at what is happening. You can use the logs in /usr/local/omk/log to help you determine what the issue is.
Refreshing the servers page after a successful signin will show the date of the last successful signin (as well as the last login error and last update).
IMPORTANT: If the date of either of your servers is not correct you will have an error signing in
Promoting NMIS to be a Primary
By default, an NMIS server operates in standalone mode (which is also poller mode), to have NMIS behave in a Primary fashion, you will need to modify the configuration, so you can edit the NMIS Configuration item "server_master" using your favourite text editor, edit this line and change from "false" to "true".
| Code Block | ||
|---|---|---|
| ||
'server_master' => 'true',
'nmis_master_poll_cycle' => 'false' # this must be false |
Adding Poller Groups to Primary
On each poller you will need to determine which groups are currently in use.
| Code Block | ||
|---|---|---|
| ||
[root@vali conf]# grep group_list /usr/local/nmis8/conf/Config.nmis
'group_list' => 'HQ,HQDev', |
This will result in a list of groups which need to be added to the NMIS Primary, edit /usr/local/nmis8/conf/Config.nmis and add these groups to that list, this is a comma separated list.
| Code Block | ||
|---|---|---|
| ||
'group_list' => 'NMIS8,DataCenter,Branches,Sales,Campus,HeadOffice,HQ,HQDev', |
You can also use the admin script /usr/local/nmis8/admin/grouplist.pl on the Primary to find and patch all groups used by all devices imported from the pollers, it can even be added to cron to automate group updates.
Once opHA has succesfully pulled/pushed the devices from poller to Primary you can analyse and patch the groups list by using the following.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
# Simply list all found groups so you can add them to 'group_list' => '...' as above
[root@opmantek ~]# /usr/local/nmis8/admin/grouplist.pl
Branches
DataCenter
IOSXR
NMIS8
The following is the list of groups for the NMIS Config file Config.nmis
'group_list' => 'Branches,DataCenter,NMIS8,IOSXR',
## You can then simply copy this last line to replace the curren line in Config.nmis
### Alternatively the script can automatically update the Config.nmis file's 'group_list' entry for you using the patch=true argument as follows:
/usr/local/nmis8/admin/grouplist.pl patch=true |
Limiting Primary Group Collection
opHA supports Multi-Primary, that means you can have several Primaries collecting information from the same pollers if required. This could be especially useful if you wanted to have one Primary with all groups on a poller, and another Primary with different groups from different pollers, effectively sharing some information between groups.
To do this you use the group property in the Servers.nmis file. Edit the file and add the group property in and a regular expression in for the groups, this will take the form
| Code Block |
|---|
'group' => 'Brisbane|Boston|Saratoga', |
This will match all groups contain the sub-strings, Brisbane, Boston or Saratoga. A complete server entry would look like this.
| Code Block |
|---|
'demo' => {
'name' => 'demo',
'config' => 'Config',
'protocol' => 'http',
'port' => '8042',
'host' => '192.168.1.42',
'group' => 'Brisbane|Boston|Saratoga',
'user' => 'nmismst',
'passwd' => 'C00kb00k',
'portal_host' => 'demo.opmantek.com',
'portal_port' => '80',
'portal_protocol' => 'http',
'cgi_url_base' => '/cgi-nmis8'
}, |
Test Push/Pull
There are several ways to verify that the transfers are working correctly:
- use the GUI to do a pull or push (http://server_name:8042/omk/opHA/), select the server you want to push to or pull from (or select all to test them all) and press the appropriate button
the output will be a JSON document, with a hash entry for each successful file transfer:
Code Block { source: "vali", success: "Transfer complete", file_name: "nmis-summary8h", destination: "localhost" },On error there will be a hash entry with an error key along with information to help you solve the problem
Code Block { url: "http://vali:443/login", error: "Error signing in", server_signin_url: "http://localhost:8042/omk/opHA/servers/vali/signin", message: "Transaction was not a success.", server_name: "vali" },
- check the logs and watch the transfers happen
- view the list of configured servers and check the "Last Update" column
Push/Pull Configurations
opHA allows to change some default connection settings to influence in the connection with the peer.
| Code Block | ||
|---|---|---|
| ||
'opha' => {
...
'opha_connect_status_expiry_time' => 5,
'opha_connect_timeout' => 3,
'opha_inactivity_timeout' => 5,
'opha_remote_endpoints' => [],
'opha_request_timeout' => 9,
'opha_websocket_reconnect_time' => 3
} |
opHA also allow to control the data that we are going to pull/push:
| Code Block | ||
|---|---|---|
| ||
'opha' => {
...
'opha_transfer_files' => [
{
'destination_dir' => 'var',
'destination_file_name' => '',
'source_dir' => 'conf',
'source_file_name' => 'Nodes'
},
{
'destination_dir' => 'var',
'destination_file_name' => '',
'source_dir' => 'var',
'source_file_name' => 'nmis-nodesum'
},
{
'destination_dir' => 'var',
'destination_file_name' => '',
'source_dir' => 'var',
'source_file_name' => 'nmis-summary8h'
},
{
'destination_dir' => 'var',
'destination_file_name' => '',
'source_dir' => 'var',
'source_file_name' => 'nmis-summary16h'
},
{
'destination_dir' => 'var',
'destination_file_name' => '',
'source_dir' => 'var',
'source_file_name' => 'nmis-event'
}
],
} |
Running a Primary Collection
There are two options to run opHA, using Cron or as a post process after NMIS does a collect. Pushes and pulls can be requested from anywhere, if they are requested from the localhost no authentication is required, if they are requested from elsewhere authentication is required.
Before you start make sure you have this in Config.nmis
| Code Block |
|---|
'nmis_master_poll_cycle' => 'false', |
To run from cron add this to an appropriate file in your /etc/cron.d/ directory (you could create a new one or re-use your nmis file). This line will push or pull (depending on which one you pick) to a server, for example to server "demo":
| Code Block |
|---|
#### an EXAMPLE to push to a server called demo:
*/2 * * * * root wget -q |
| Code Block |
package pp; require 5; use strict; sub doPP { system("curl -s http://localhost:8042/omk/opHA/servers/all/pull"); system("wget/demo/push -O/dev/null #### an EXAMPLE with Pull for one server called Vali */2 * * * * root wget -q http://localhost:8042/omk/opHA/servers/allvali/pull -o O/dev/null"); return 1; } |
This will get your collections running every 2 minutes regardless of any other polling operations.
If you want to run the opHA transfers immediately after an NMIS collect, we recommend that you use the plugin system to hook into the post-collect phase and execute Perl code of your choice then.
Logs
Logs can be found in /usr/local/omk/log or also viewed from the GUI at http://server_name:8042/omk/opHA/logs
...
- check the logs in
/usr/local/omk/logs/. - restart the daemon (required after any config changes)
run daemon from command line and see if the terminal has any helpful errors:
Code Block /usr/local/omk/script/opmantek.pl daemon
Error Signing in For Server localhost
Detailed output:
The configuration nmis8/conf/Servers.nmis is not correct for localhost.
The server doing "pull" needs to have a correct password for the poll server and for localhost. Please verify credentials for localhost server.
Conclusion
After refreshing the web pages on the NMIS Master Primary server you will see the data from the slavespollers.