| Note |
|---|
Please refer to opHAv2 instructions |
opHA2 Installation and Configuration Guide
| Warning |
|---|
These instructions are deprecated and only for the old version 1. |
| Table of Contents |
|---|
Installation Prerequisites
- The individual performing this installation has some Linux experience.
- NMIS8 is installed on the same server where opHA will be installed
- NMIS8 is installed in /usr/local/nmis8
- opHA will be installed into /usr/local/nmis8
- Root access is available (not always needed but much easier)
- Perl 5.10
- RRDtool 1.4.7
- NMIS 8.3.24G or later
- opHA will be installed onto the Master Primary and each Slave Poller NMIS server
Installation Steps
...
This step will be repeated for each NMIS master Primary and slave poller server
- Copy the opHA tarball to the slave poller or master Primary NMIS server (a tarball is a GZIP'd tar file, e.g. opHA-1.1.tar.gz)
- You may need to use SCP or FTP to get the file onto the server.
- The file will now likely be in the users home directory.
- If the installation directory does not already exist
- Change into the directory where the tarball was copied
- Untar the file
...
Supported in opHA is having NMIS use JSON for its database, this will require NMIS 8.4.8g or greater. This should be enabled on all servers running in an opHA cluster. The following needs to be run on every master Primary and slave poller server in a cluster and this should be co-ordinated to run very close together.
...
opHA has a simple yet strong authentication model, to prevent unwanted access to NMIS data.
The slave poller is configured with:
- An NMIS user and password, by default this is an Apache htpasswd file, defined in /usr/local/nmis8/conf/users.dat
- An NMIS user, with associated privileges, defined in /usr/local/nmis8/conf/Users.nmis
- An NMIS user to use for the authentication policy enforcement, defined in /usr/local/nmis8/conf/Config.nmis
- Server Community, which the server must use to request data.
The master Primary is configured with (for each slavepoller):
- An NMIS user and password, which needs to match the slave poller configuration
- A slavepoller/server community, which needs to match the slave poller configuration.
This model enables you to use separate credentials for each slave poller or the same credentials for each slavepoller, providing for simple configuration, and more secure configuration if required.
All communications between master Primary and slave poller can be done over SSL if required, this is supported by configuring your server HTTPD to support SSL and then configuring the masterPrimary, slave poller communications to use HTTPS.
opHA
...
Poller Configuration
This configuration will be done on each NMIS Slave Poller Server. By default, the shared community for a slave poller is "secret" if you want to change this to something specific you can edit the NMIS Configuration item "slavepoller_community" using your favourite text editor, edit this line and change secret to your desired opHA community string.
...
Verify that the Apache user has been configured for master Primary functions. The default userid is "nmismst" and the file /usr/local/nmis8/conf/users.dat should include an entry like
| Code Block | ||
|---|---|---|
| ||
nmismst:vnnFthCKoHsps |
...
opHA
...
Primary Configuration
Server Name for opHA
Server names need to be lower case with no spaces, e.g. NMIS_Server24 is bad, nmis_server24 is good.
Adding
...
Pollers to Servers.nmis
Once the slaves pollers have been setup, you can configure the master Primary with each of its slavespollerss. This is done by editing the file /usr/local/nmis8/conf/Servers.nmis, and adding a section for each server.
...
Edit the entry to look like this, in this example the hostname of the slave poller is "vali":
| Code Block | ||
|---|---|---|
| ||
'vali' => {
'community' => 'YOURNAMEHERE',
'name' => 'vali',
'config' => 'Config.nmis',
'protocol' => 'http',
'port' => '80',
'host' => 'vali',
'portal_protocol' => 'http',
'portal_port' => '80',
'portal_host' => 'vali',
'cgi_url_base' => '/cgi-nmis8',
'url_base' => '/nmis8',
'user' => 'nmismst',
'passwd' => 'C00kb00k'
} |
There are many options in this configuration but unless you are wanting to change the defaults considerably most of them will not matter. If you wanted to use HTTPS to connect between the master Primary and the slavepoller, you could use https as the protocol and update the port accordingly. You can use different user and passwd permissions here.
If you were presenting the Slave Poller and needed to use an alternate connection, e.g. through a reverse proxy for presenting a portal, you would modify the portal_protocol, portal_port and portal_host accordingly.
Promoting NMIS to be a
...
Primary
By default, an NMIS server operates in standalone mode (which is also slave poller mode), to have NMIS behave in a masterly Primary fashion, you will need to modify the configuration, so you can edit the NMIS Configuration item "severserver_masterPrimary" using your favourite text editor, edit this line and change from "false" to "true".
| Code Block | ||
|---|---|---|
| ||
'server_master' => 'true', |
Adding
...
Poller Groups to
...
Primary
On each slave poller you will need to determine which groups are currently in use.
...
This will result in a list of groups which need to be added to the NMIS MasterPrimary, edit /usr/local/nmis8/conf/Config.nmis and add these groups to that list, this is a comma separated list.
| Code Block | ||
|---|---|---|
| ||
'group_list' => 'NMIS8,DataCenter,Branches,Sales,Campus,HeadOffice,HQ,HQDev', |
...
,HQ,HQDev', |
You can also use the admin script /usr/local/nmis8/admin/grouplist.pl on the Primary to find and patch all groups used by all devices collected from the pollers.
Once opHA has successfully pulled/pushed the devices from poller to Primary you can analyse and patch the groups list by using the following.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
# Simply list all found groups so you can add them to 'group_list' => '...' as above
[root@opmantek ~]# /usr/local/nmis8/admin/grouplist.pl
Branches
DataCenter
IOSXR
NMIS8
The following is the list of groups for the NMIS Config file Config.nmis
'group_list' => 'Branches,DataCenter,NMIS8,IOSXR',
## You can then simply copy this last line to replace the curren line in Config.nmis
### Alternatively the script can automatically update the Config.nmis file's 'group_list' entry for you using the patch=true argument as follows:
/usr/local/nmis8/admin/grouplist.pl patch=true |
Limiting Primary Group Collection
opHA supports Multi-MasterPrimary, that means you can have several masters Primarys collecting information from the same slaves pollers if required. This could be especially useful if you wanted to have one master Primary with all groups on a slavepoller, and another master Primary with different groups from different slavespollers, effectively sharing some information between groups.
...
| Code Block |
|---|
'demo' => {
'community' => 'secret',
'name' => 'demo',
'config' => 'Config',
'protocol' => 'http',
'port' => '80',
'host' => '192.168.1.42',
'group' => 'Brisbane|Boston|Saratoga',
'portal_protocol' => 'http',
'portal_port' => '80',
'portal_host' => 'demo.dev.opmantek.com',
'cgi_url_base' => '/cgi-nmis8',
'url_base' => '/nmis8',
'user' => 'nmismst',
'passwd' => 'C00kb00k'
}, |
Test
...
Primary Collection
You can verify if the master Primary is collecting data from the slaves pollers by running this command
| Code Block | ||
|---|---|---|
| ||
[root@thor conf]# /usr/local/nmis8/bin/nmis.pl type=master debug=true sleep=1 NMIS Copyright (C) 1999-2011 Opmantek Limited (www.opmantek.com) This program comes with ABSOLUTELY NO WARRANTY; This is free software licensed under GNU GPL, and you are welcome to redistribute it under certain conditions; see www.opmantek.com or email contact@opmantek.com NMIS version 8.3.4G 14:00:33 nmisMaster, Running NMIS Master Functions 14:00:33 nmisMaster, Master, processing SlavePoller Server vali 14:00:33 nmisMaster, Get loadnodedetails from vali 14:00:33 nmisMaster, Get sumnodetable from vali 14:00:34 nmisMaster, get summary8 from vali 14:00:34 nmisMaster, get summary16 from vali [root@thor conf]# |
...
To handle devices being managed by more than one server with some determinism, there is a new feature in opHA 1.4 for server priority. By default a master Primary server is priority 10 and a slave poller is priority 5, if you have two slaves pollers managing the same nodes and you want slave1 poller1 to be used as the primary source of information, set the server priority in the Servers.nmis file to be higher than on slave2poller2, or conversely lower the priority on slave2poller2.
| Code Block |
|---|
'nmis1' => {
'name' => 'nmis1',
'config' => 'Config',
'protocol' => 'http',
'port' => '3000',
'host' => 'nmis1.domain.com',
'portal_protocol' => 'http',
'portal_port' => '80',
'portal_host' => 'nmis1.alternate.com',
'server_priority' => '6',
'cgi_url_base' => '/cgi-nmis8',
'url_base' => '/nmis8',
'user' => 'nmismst',
'passwd' => 'C00kb00k'
},
'nmis2' => {
'name' => 'nmis2',
'config' => 'Config',
'protocol' => 'http',
'port' => '3000',
'host' => '192.168.1.42',
'portal_protocol' => 'http',
'portal_port' => '80',
'portal_host' => 'nmis2',
'server_priority' => '4',
'cgi_url_base' => '/cgi-nmis8',
'url_base' => '/nmis8',
'user' => 'nmismst',
'passwd' => 'C00kb00k'
} |
This works with the master Primary as well, with the master Primary server being a higher priority by default. The master Primary priority is set with the NMIS configuration option, master_server_priority and is 10 by default.
| Code Block |
|---|
'master_server_priority' => 10, |
...
Running a
...
Primary Collection
You can optionally have the NMIS polling cycle do the master Primary collection, or you can run it separately from Cron. If you want to have it seperate separate which is a good option, change the following NMIS configuration item nmis_master_poll_cycle to be false in the file /usr/local/nmis8/conf/Config.nmis:
...
After refreshing the web pages on the NMIS Master Primary server you will see the data from the slavespollers.