You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

Installation Prerequisites

  • The individual performing this installation has some Linux experience.
  • NMIS8 is installed on the same server where opHA will be installed
  • NMIS8 is installed in /usr/local/nmis8
  • opHA will be installed into /usr/local/nmis8
  • Root access is available (not always needed but much easier)
  • Perl 5.10 
  • RRDtool 1.4.7
  • NMIS 8.3.3G or later
  • opHA will be installed onto the Master and each Slave NMIS server

Installation Steps

This step will be repeated for each NMIS master and slave server

  • Copy the opHA tarball to the slave or master NMIS server (a tarball is a GZIP'd tar file, e.g. opHA-1.1.tar.gz)
    1. You may need to use SCP or FTP to get the file onto the server.
  • The file will now likely be in the users home directory.
  • If the installation directory does not already exist
  • Change into the directory where the tarball was copied
  • Untar the file
cd ~
tar xvf ~/opHA-<version>.tar.gz
cd opHA/
cp install/Servers.nmis /usr/local/nmis8/conf/
cp cgi-bin/connect.pl /usr/local/nmis8/cgi-bin/ 
cp lib/NMIS/Connect.pm /usr/local/nmis8/lib/NMIS

/usr/local/nmis8/admin/fixperms.pl

 

opHA Authentication Model

opHA has a simple yet strong authentication model, to prevent unwanted access to NMIS data.

The slave is configured with:

  • An NMIS user and password, by default this is an Apache htpasswd file, defined in /usr/local/nmis8/conf/users.dat
  • An NMIS user, with associated privileges, defined in /usr/local/nmis8/conf/Users.nmis
  • An NMIS user to use for the authentication policy enforcement, defined in /usr/local/nmis8/conf/Config.nmis
  • Server Community, which the server must use to request data.

The master is configured with (for each slave):

  • An NMIS user and password, which needs to match the slave configuration
  • A slave/server community, which needs to match the slave configuration.

This model enables you to use separate credentials for each slave or the same credentials for each slave, providing for simple configuration, and more secure configuration if required.

All communications between master and slave can be done over SSL if required, this is supported by configuring your server HTTPD to support SSL and then configuring the master, slave communications to use HTTPS.

opHA Slave Configuration

This configuration will be done on each NMIS Slave Server.  By default, the shared community for a slave is "secret" if you want to change this to something specific you can edit the NMIS Configuration item "slave_community" using your favourite text editor, edit this line and change secret to your desired opHA community string.

'server_community' => 'secret',

Verify that the Apache user has been configured for master functions.  The default userid is "nmismst" and the file /usr/local/nmis8/conf/users.dat should include an entry like

nmismst:vnnFthCKoHsps

 

opHA Master Configuration

Adding Slaves to Servers.nmis

Once the slaves have been setup, you can configure the master with each of its slaves.  This is done by editing the file /usr/local/nmis8/conf/Servers.nmis, and adding a section for each server.

The default entries look like this:

'nmis1' => {
   'community' => 'secret',
   'name' => 'nmis1',
   'config' => 'Config.nmis',
   'protocol' => 'https',
   'port' => '443',
   'host' => 'nmis1.domain.com',
   'portal_protocol' => 'http',
   'portal_port' => '80',
   'portal_host' => 'nmis1.alternate.com',
   'cgi_url_base' => '/cgi-nmis8',
   'url_base' => '/nmis8',
   'user' => 'nmismst',
   'passwd' => 'C00kb00k'
 },
 'nmis2' => {
   'community' => 'secret',
   'name' => 'nmis2',
   'config' => 'Config.nmis',
   'protocol' => 'http',
   'port' => '80',
   'host' => '192.168.1.42',
   'portal_protocol' => 'http',
   'portal_port' => '80',
   'portal_host' => 'nmis2',
   'cgi_url_base' => '/cgi-nmis8',
   'url_base' => '/nmis8',
   'user' => 'nmismst',
   'passwd' => 'C00kb00k'  
 }

Edit the entry to look like this, in this example the hostname of the slave is "vali":

 'vali' => {
   'community' => 'YOURNAMEHERE',
   'name' => 'vali',
   'config' => 'Config.nmis',
   'protocol' => 'http',
   'port' => '80',
   'host' => 'vali',
   'portal_protocol' => 'http',
   'portal_port' => '80',
   'portal_host' => 'vali',
   'cgi_url_base' => '/cgi-nmis8',
   'url_base' => '/nmis8',
   'user' => 'nmismst',
   'passwd' => 'C00kb00k' 
 }

There are many options in this configuration but unless you are wanting to change the defaults considerably most of them will not matter.  If you wanted to use HTTPS to connect between the master and the slave, you could use https as the protocol and update the port accordingly.  You can use different user and passwd permissions here.

If you were presenting the Slave and needed to use an alternate connection, e.g. through a reverse proxy for presenting a portal, you would modify the portal_protocol, portal_port and portal_host accordingly.

Promoting NMIS to be a Master

By default, an NMIS server operates in standalone mode (which is also slave mode), to have NMIS behave in a masterly fashion, you will need to modify the configuration, so you can edit the NMIS Configuration item "sever_master" using your favourite text editor, edit this line and change from "false" to "true".

'server_master' => 'true',

Adding Slave Groups to Master

On each slave you will need to determine which groups are currently in use.

[root@vali conf]# grep group_list /usr/local/nmis8/conf/Config.nmis
 'group_list' => 'HQ,HQDev',

This will result in a list of groups which need to be added to the NMIS Master, edit /usr/local/nmis8/conf/Config.nmis and add these groups to that list, this is a comma separated list.

 'group_list' => 'NMIS8,DataCenter,Branches,Sales,Campus,HeadOffice,HQ,HQDev',

Test Master Collection

You can verify if the master is collecting data from the slaves by running this command

[root@thor conf]# /usr/local/nmis8/bin/nmis.pl type=master debug=true
NMIS Copyright (C) 1999-2011 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
This is free software licensed under GNU GPL, and you are welcome to 
redistribute it under certain conditions; see www.opmantek.com or email
contact@opmantek.com
NMIS version 8.3.4G
 
14:00:33 nmisMaster, Running NMIS Master Functions
14:00:33 nmisMaster, Master, processing Slave Server vali
14:00:33 nmisMaster, Get loadnodedetails from vali
14:00:33 nmisMaster, Get sumnodetable from vali
14:00:34 nmisMaster, get summary8 from vali
14:00:34 nmisMaster, get summary16 from vali
[root@thor conf]#

Conclusion

After refreshing the web pages on the NMIS Master server you will see the data from the slaves.

  • No labels