Versions Compared

Old Version 5

changes.mady.by.user Hamilton Watkins

Saved on

compared with

New Version 6

changes.mady.by.user Hamilton Watkins

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

This document describes how to install NMIS9 on GNU/Linux systems.

Caveats

NMIS9 has been widely deployed and tested on many Linux distros, with Red Hat/CentOS being the most popular among  our customers. This document contains variations specific to several Linux distros, but not all of them have been tested equally heavily: Centos 6/7, Debian 8/9, Ubuntu LTS are our main platforms for in-house testing.

We do appreciate your feedback (and any modifications or changes) that you might submit to support@opmantek.com!

Assumptions

The reader is assumed to have a working knowledge of UNIX or GNU/Linux systems and what Perl is. While NMIS is written in Perl, you do not need to be a "Perl hacker" to install this program and make it work. Some fundamental knowledge of  how to compile software on UNIX systems would certainly be helpful, but is by no means required.

This document will use the <nmisdir> tag to refer to NMIS's installation directory (whose default is /usr/local/nmis9); the tag <version> stands for the full version of NMIS (at this time 9.1.1).

The Installation Process

Linux Distribution

First, install your GNU/Linux distribution of choice. It is recommended to select a basic installation type with no extra stuff. That means no GNOME, KDE, "Server" packages, or anything else.
Depending on your choice of distribution, the "minimal" installation type may not be totally sufficient for NMIS: with CentOS/Redhat 7 for example, "minimal" does not include Perl  and in this case you'll have to install the Perl core (using sudo yum install perl-core) before NMIS can be installed. (Versions 8.5.14G and newer will detect this situation and offer to install perl for you.)

Linux Security Settings: SELinux and Firewalling

We recommend that you turn off SELinux. Permissive mode was tested and it worked well, just very nagging; the default mode is known to interfere with NMIS. Disabling SELinux is a lot easier than performing  the extensive configuration that SELinux needs. To check if SELinux is disabled you can use the command getenforce. If SELinux is enabled in CentOS 6.8, an example of how to disable it is below:

...

Similarly, if you have a firewall on your server (e.g. iptables / firewalld ) you need to make sure that it accepts incoming HTTP (possibly HTTPS) connections, and SNMP traps and Syslog connections/packets. This involves incoming connections to TCP ports 80 and 443, and UDP ports 161, 162, and 514.  

NMIS9 Installation

As of February 2016, NMIS is distributed in a self-extracting download format that simplifies the installation process quite a bit. More information on installer options can be found HERE: The Opmantek Installer
You can download NMIS from the Opmantek website at https://opmantek.com/network-tools-download/; the distribution file is called nmis<version>.run, and your browser will likely prompt you regarding what to do with this '.run' file; you should tell it to Save the file, ideally in /tmp.

Starting the Installer

Please note that the installer must be run with superuser privileges; if you're not the root user you'll have to use sudo or su to switch privileges.

...

And that's really all there is to it! When the installer finishes, NMIS should be fully installed and working.

If the installer asks you about installing some Perl modules with CPAN...

...don't panic, this is more or less expected: not all Linux distributions provide readymade packages for all of NMIS' needs, thus certain modules require installation from CPAN, the "comprehensive perl archive network").

...

It is essential that you  choose sudo for this question, not the default local::lib.

Initial NMIS Test. 


When the installer has completed its work you should be set to start using NMIS. As an initial check of NMIS you should likely try the command line tool "nmis-cli" and then the NMIS web GUI:

Code Block
cd /usr/local/nmis9/
sudo ./bin/nmis-cli act=schedule job.type=selftest job.force=1

Output similar to:
[root@omk-vm9-centos7 nmis9]# ./bin/nmis-cli act=schedule job.type=selftest job.force=1
Job 602d1b6596c8066f7f538765 created for type selftest.

Validate Job:
**selftest was run and then we checked for active jobs with the "act=list-schedules" and it will report active items**
[root@omk-vm9-centos7 nmis9]# ./bin/nmis-cli act=list-schedules
Active Jobs:
Id                        When                      Status                                          What                Parameters
602d1b6596c8066f7f538765  Wed Feb 17 13:34:29 2021  In Progress since Wed Feb 17 13:34:33 2021      selftest            

Queued Jobs:
Id                        When                      Priority    What                Parameters
No queued jobs at this time.


Automatic Schedule:
Operation                     Frequency
Escalations                   1m30s
Metrics Computation           2m
Configuration Backup          1d
Old File Purging              1h
Database Cleanup              1d
Selftest                      15m
File Permission Test          2h
[root@omk-vm9-centos7 nmis9]# ./bin/nmis-cli act=list-schedules
No activities scheduled or in-progress.

Automatic Schedule:
Operation                     Frequency
Escalations                   1m30s
Metrics Computation           2m
Configuration Backup          1d
Old File Purging              1h
Database Cleanup              1d
Selftest                      15m
File Permission Test          2h
[root@omk-vm9-centos7 nmis9]# date
Wed Feb 17 13:35:19 UTC 2021

This command below will do a quick check of directory and file existence as well as ownership and permissions.

Code Block
cd /usr/local/nmis9/
sudo ./bin/nmis-cli act=fixperms


Now, fire up your favourite Web browser and surf to your server. The primary url for NMIS is http://<yourhostname-or-ip>/nmis9/, and that page shows both a link to the  NMIS dashboard and the  online NMIS documentation.

...


If you can't access the NMIS web site check that there is no firewall keeping you from accessing your NMIS system (NMIS needs access to TCP port 80), that the apache web server on your NMIS server is running, and that there is no SELinux throwing a spanner in the works.
You may need  to check iptables -L on your NMIS server, as well as /etc/selinux/config and the exit code of selinuxenabled.

SNMPD, Net-SNMP and collecting stats of the NMIS server itself


NMIS9 ships with one default node configured for collection, primarily to prove it is all working. This node is called localhost and NMIS will collect statistics from your NMIS server using SNMP - if an SNMP agent is available, or just Ping statistics if not.

However, the installer does not automatically configure this local Net-SNMP daemon; if you would like to collect the NMIS server's statistics follow the instructions below - otherwise you're done with the installation.

You will likely want to consult and use the example configuration for Net-SNMP's snmpd, which ships with NMIS in the file <nmisdir>/install/snmpd.conf.

Because the installer has installed Net-SNMP for you already, you only need to backup its default config and move in the NMIS example one. You should very much modify this config to secure the SNMP read access according to your organisation's security policy!


Code Block
cd /usr/local/nmis9
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
mv /etc/snmp/snmptrapd.conf /etc/snmp/snmptrapd.conf.orig
cp conf-default/snmpd/snmpd.conf /etc/snmp/snmpd.conf
cp conf-default/snmpd/snmptrapd.conf /etc/snmp/snmptrapd.conf
cp conf-default/snmpd/snmptrapd.options /etc/sysconfig/snmptrapd # for CentOS/Red Hat only

Debian/Ubuntu

 The last command in the list above will fail as there is no /etc/sysconfig directory on this platform.  Instead the snmptrap service is started by the snmpd service, and is enabled by updating the file /etc/default/snmpd with the following line:

Code Block
TRAPDRUN=yes


Auto Start SNMP Daemons

Ensure that you tell your system  to start snmpd and snmptrapd automatically on boot.

CentOS/RedHat 6

Code Block
# as root
/sbin/chkconfig snmpd on
/sbin/chkconfig snmptrapd on

CentOS/RedHat 7

Code Block
# as root
systemctl enable snmpd.service
systemctl enable snmptrapd.service

Debian/Ubuntu

Code Block
# as root
update-rc.d snmpd defaults
update-rc.d snmptrapd defaults
service snmpd start  
service snmptrapd start


Run a Test Update

Once your local snmpd is running, you should run a test update operation:


Code Block
sudo /usr/local/nmis9/bin/nmis-cli act=schedule job.type=update job.node=localhost


The output will look similar to this example:


Code Block
[root@omk-vm9-centos7 bin]# /usr/local/nmis9/bin/nmis-cli act=schedule job.type=update job.node=localhost
Job 602c2acf7c3f4515dbebdb35 created for node localhost (528a065e-2afe-4ca4-8cf7-7e032ce3e61e) and type update.

As the installer has already installed the default NMIS cron schedule NMIS will poll and collect all known nodes every 5 minutes. You can now either run a test collect or sit back and wait for NMIS to do the next one automatically:


Code Block
sudo /usr/local/nmis9/bin/nmis-cli act=schedule job.type=collect job.node=localhost

After that collect operation has concluded you should see the newest data for your NMIS server on the NMIS dashboard.

Acces NMIS and Start using and configuring

NMIS8 - A Quick Getting Started Guide

Advanced Installer Use

Access the source without installation

If you want to read the installer source, or access the distributed files without actual installation, then simply pass the arguments –-keep --noexec to the run file invocation, e.g.

Code Block
sh ./nmis<version>.run --keep --noexec

This tells the self-extracting installer to just  unpack the archive (into the directory nmis<version>) and to not start the interactive installer component.

Install in a non-standard location

If you want the installer to install NMIS into a non-standard directory, change to invocation to include site=<somepath> (after a mandatory -- separator), e.g.

Code Block
sh ./nmis<version>.run -- site=/opt/nmis


Info

For more information regarding installing NMIS in a non default location please review NMIS8 - Installing NMIS in a Non Standard Location

Please remember to replace NMIS8 versions with NMIS9 in the directory setup.


Only check and install dependencies

If you don't want to perform the actual installation but only perform the software dependency resolution and check and install any prerequisites, use listdeps=true (after a -- separator), e.g.


Code Block
sh ./nmis<version>.run -- listdeps=true

Non-interactive, automatic installation/upgrade

If your NMIS was downloaded after 2016-07-11, then the installer also offers a non-interactive automatic mode, where all the normal questions are automatically answered with the default choice.
To use this mode, simply pass in -y (somewhere after the mandatory -- separator), e.g.

Code Block
sh ./nmis<version>.run -- -y
# recommended for safety: wrapped in screen with output logging on
screen -L sh ./nmis<version>.run -- -y


Please note that in non-interactive mode, all optional automatic model and database location migration operations are attempted.
In this mode there is a higher likelihood to miss error indications raised by certain operations (as not absolutely all screen output can be dumped into the installer log), and we recommend therefore that you capture the full installer outputs for scrutiny (using a tool like script or screen, like in the example above).

Installation Log

The installer creates a log of all the operations that it performs, which is saved in the main NMIS installation directory as install.log. Subsequent NMIS upgrades add extra information to that log file, but the installer always starts its work with an initial log message that indicates when an installation/upgrade was performed. It is safe to delete the installer log file if you don't want to keep old installation and upgrade info.

Historical Manual Installation Instructions

The old manual installation instructions are available for your perusal on this page. Please note that these old instructions are no longer updated and will definitely diverge more or less from current best practice! (which is to let the installer handle the installation intricacies on your behalf).