Attention: This document covers installations up to and including NMIS Version 8.5.4G and will not be updated in the future.
For NMIS versions 8.5.6G and newer the installation process was simplified substantially, and there is an updated version of the installation guide for 8.5.6G.
- Linux Distribution
- Additional Packages
- RRDTool Installation
- NMIS8 Installation
- Perl CPAN Module Installation
- Initial NMIS Troubleshooting
- NMIS Web Server Setup
- Ensure Security settings will allow you to access the web server
- Quick Testing
- NMIS Crontab Configuration
- SNMPD, Net-SNMP and Testing your Configuration
This document will describe how to install NMIS8 on GNU/Linux distros. This document is based on Terrell Prude Jr’s document for the installation of NMIS 4.3.x, v1.1 April 1, 2010.
NMIS8 has been widely deployed and tested on many Linux distros, with Red Hat/CentOS being the most popular. This document contains variations specific to several Linux distros, but not all of them have been tested equally heavily. Please provide feedback and submit modifications or changes to firstname.lastname@example.org.
The reader is assumed to have a working knowledge of UNIX or GNU/Linux systems, how to compile software, and what Perl is. While NMIS is written in Perl, you do not need to be a "Perl hacker" to install this program and make it work.
Also, this document will use the <nmisdir> tag to refer to NMIS's installation directory. The default location is /usr/local/nmis8.
First, install your GNU/Linux distribution. With both CentOS 5 and Debian, I do a basic installation with no extra stuff. That means no GNOME, KDE, "Server" packages, or anything else. Just a base installation is all that's necessary. This guide has been checked on a CentOS minimal install which is indeed quite minimal, because of this you may see some packages being installed that you might normally assume to be installed.
Linux Security Settings
If you're running CentOS or any other Red Hat-derived distribution, be sure that SELinux is turned off, Permissive mode was tested and it worked well, just very nagging. So disabling SELinux is a lot easier that way.
Also, I like to turn off the default Red Hat firewall. It is assumed that the reader knows how to do both of these; if not, there are plenty of resources on the Web describing how.
Now that you have your system set up, there are some things that we need to install to make NMIS work. Some of these are required for the compilation of certain Perl modules and of RRDtool. These packages will come from your distribution's repositories.
CentOS Additional Packages:
Debian/Ubuntu Additional Packages:
We now need to get RRDtool, by Tobi Oetiker. The NMIS development team suggests that you download the latest stable RRDtool and compile it yourself - however, for normal NMIS deployments the distribution-provided RRDtool is generally sufficient.
If you want to skip the build step and use packaged versions, simply install the following packages and then skip to the next step.
There are suitably recent RRDTool packages for CentOS, but they are not part of the 'default' repositories (these don't contain anything or very outdated versions). To work around this you need to enable the RepoForge repository first to gain access.
Compiling your own RRDtool:
The latest version of RRD is available at http://oss.oetiker.ch/rrdtool/.
Unpack the RRDtool tarball. NMIS8 has been testing using v1.4.7 and for this example. To build and install a “GNU” make based system, you run ./configure, then make, then make install, for RRDTool for NMIS we need a configure option setup.
When this step is finished, you should see something like this:
So far, so good. You have all the things RRDtool needs to compile. Let's keep going.
Now, rrdtool should be installed the way NMIS likes it.
And speaking of NMIS, if you haven't already downloaded it, the latest version (v8.5G at time of this writing) is available at http://opmantek.com
The unpacking of the tarball in the previous step created a directory called
nmis8.5g, which can be installed manually or semi-automatically.
The installer will likely tell you that a number of required CPAN modules are missing and have to be installed, but the on-screen prompts will guide you through that process.
At this point, I like to copy this entire directory to the /usr/local directory tree and make some symlinks, like so.
My <nmisdir> is, in this case, /usr/local/nmis8. For those who have been using NMIS for a while, make a /usr/local/nmis.
The <nmisdir> tree needs to be owned by the user "nmis", which doesn't exist yet. Furthermore, the userID under which Apache runs ("apache" on Red Hat and "www-data" on Debian) needs to have access to the <nmisdir> tree. So, we need to add to make these things happen. We are still in the /usr/local directory at this point.
Now we add the Apache userID to the nmis group.
NOTE: the stuff that used to be sitting in <nmisdir>/conf in previous NMIS tarballs is now located in <nmisdir>/install. Since we're doing a new installation here, we'll just copy everything in <nmisdir>/install to <nmisdir>/conf.
Perl CPAN Module Installation
Now, let's get busy with the Perl modules. NMIS, being written in Perl, uses numerous "Perl modules". These are available from the Comprehensive Perl Archive Network, known affectionately as "CPAN". No, not "C-SPAN", I mean "CPAN". :-)
Here's how we get to CPAN.
You will be asked a bunch of questions. It is safe to select all the defaults. Indeed, if you don't know what the questions are asking you, selecting the defaults is strongly recommended! HOWEVER, with some distros (Debian is a notable exception) you must select some CPAN mirrors, because that's where you're going to download your Perl modules from. Choose those which are closest to you. For me, that's North America; for Peruvians and Brazilians, that's South America; and so on.
On some distros like Red Hat/CentOS, you should start with this command. Debian doesn't seem to require it, which is good, because the command doesn't work on Debian's CPAN client anyway. :-)
Additionally, I like to ensure my CPAN client program, which is what we're running ("CPAN.pm"), is the latest, up-to-date version. This will take a while and ask for several other "dependency" modules. Just tell it "yes" each time. If you would like to have cpan automatically choose yes use this code:
And run this code to do the update:
OK, we've got CPAN prepped, locked, and loaded. :-) Now, install all the Perl modules listed in the official NMIS docs, like so.
$cpan> (assume the following lines are at this prompt)
With recent versions of cpan it's also possible to give the modules to install on the command line:
Unix File Permissions
Make nmis user and group own all the files.
If you decide on a different user and group name, update the NMIS Configuration Config.nmis accordingly.
One of the joys of Unix is granular file permissions, one of the frustrations of Unix is granular file permissions. To assist we have added a handy script in the admin directory <nmisdir>/admin/fixperms.pl which will read the NMIS Configuration and fix the permissions accordingly.
Initial NMIS Test
You should now be set. As an initial check, I like to go into my <nmisdir>/cgi-bin directory and run
and see what happens. If all is working, you should get a bunch of HTML code. If you don't, it'll probably be NMISCGI complaining that it cannot find a given Perl module. Review your steps above; you likely missed something. The important thing to do is not to panic.
Initial NMIS Troubleshooting
RRDTool Libraries not Found
(This should no longer be a problem on NMIS8, but if you did something different with RRDTool, this is an easy way to fix it.)
For some reason, on some distros, NMIS will not be able to find the file RRDs.pm, which is a Perl module that comes with RRDtool, and that NMIS needs to be able to find and use. I ran into this problem. Fortunately, the NMIS development team included a small hack to take care of this. The line explicitly "uses" the RRDs.pm file in the/usr/local/rrdtool directory tree, but you have to uncomment that line in the NMIS program files themselves.
One way to quickly accomplish that is to run the following script within /usr/local/nmis8/bin and /usr/local/nmis8/cgi-bin. You can just cut 'n' paste it into your terminal.
NMIS Config Test
Once this is working, you're ready to head into the <nmisdir>/bin directory and do the "acid" test.
You should get what looks like a long checklist with "OK" at the end of every check. If you do this, then NMIS itself is configured correctly. The output will look something like this:
The errors above are OK, NMIS will fix them itself.
NMIS Web Server Setup
Now, we need to set up the Web server so that folks can actually *get to* NMIS and look at the data. :-) That means generating an Apache config file pointing to the NMIS directory tree. NMIS itself is smart enough to be able to generate this for us. Thanks, NMIS team!
All you have to do is this.
We name the file prepending 00 so that it is the first config file read. The main part of the Apache config is as follows.
You can use whatever filename you want instead of "00nmis.conf". This is very distro-dependent.
CentOS and other Red Hat derivatives:
Copy 00nmis.conf to /etc/httpd/conf.d/
Copy 00nmis.conf /etc/apache2/sites-available/, and enable that site:
You could also integrate the
00nmis.conf into your existing web server configuration under its own virtual host, or into an existing set of hosts. This means you can run other version of NMIS on the same server, or for different customers for example, this is intended to be flexible for alternate integration.
Now that your NMIS config file for Apache is present--and if necessary, tweaked for your distro--start Apache itself. If it's already started, then restart it. How to do this is also very distro-dependent. Unlike me, BSD and Solaris users don't need no steenkin' startup scripts. :-)
Auto Start HTTPD Server
Ensure that you tell Linux to start HTTPD automatically
Nothing should be necessary as the apache2 is set to automatically start during the initial package installation, but if this should have failed:
Start HTTPD Server
You will need to start or restart Apache after configuration.
If you get an error like this, it just means the hostname and FQDN on the Linux box hasn’t been setup right, verify you have this setup correctly and update the httpd.conf for Apache accordingly.
Ensure Security settings will allow you to access the web server
For the purpose of this guide we will just disable security settings, this may not be the correct answer for you depending on your situation
We will just disable ip tables, on Redhat/CentOS
Again, just turn it off. Edit /etc/selinux/config
You can reboot now, or you can step SELINUX with the following command.
Now, fire up your favourite Web browser (mine's Konqueror) and surf to your server. The URL will be "http://yourhostname.domain.tld/cgi-nmis8/nmiscgi.pl". Of course, if you have no DNS or hosts lookup for this box yet, just replace "yourhostname.domain.tld" with your new NMIS server's IP address.
You should get the NMIS Dashboard. If you don't, then check to make sure you included the "/cgi-nmis8/nmiscgi.pl" in the URL. Yep, I've made that mistake too many times to count. It's easy to forget, so make sure you include it.
Congratulations! It works, and you're almost done. We're in the home stretch.
NMIS Crontab Configuration
We ensured crontab was installed above, now we'll make sure it's running:
Debian/Ubuntu: nothing needs to be done. Cron is automatically started.
Now we have to tell NMIS to run the data collection every so often. For that, we use a cron job. Edit root's crontab ("crontab -e" at the root shell), like so. Remember to change the first line, the "MAILTO" line, to contain your actual email address.
Again, this file was originally generated for Red Hat / CentOS. The lines to change for other distros (e. g. Debian) are the last three. Everything else should be fine.
After you're done, issuing a crontab -l is a good idea to make sure it's all there. Note that crontab -e on most GNU/Linux distros uses the traditional "vi" editor, whereas on Debian, "nano" is used.
Note that there is a reference in this crontab to a <nmisdir>/conf/logrotate.conf file. That file contains a reference to <nmisdir>/logs/ciscopix.log. This is for those who run Cisco PIX/ASA Firewalls. Unfortunately, this file is not in the tarball for NMIS, so you'll get a non-fatal "Hey, there's no ciscopix.log file for me to logrotate!" every day. Fortunately, that's easy to fix.
And now, go ahead and add your hosts to NMIS. There's a nice GUI for doing that which is pretty easy to use. Hey, if an MCSE like me can figure this out, anyone can. :-)
Time to celebrate! You're done! Enjoy your shiny new NMIS installation, and be sure to thank the teams that brought it to you. That would be the NMIS development team and Tobias Oetiker.
SNMPD, Net-SNMP and Testing your Configuration
NMIS8 has been shipped with two nodes configured for collection, to prove it is all working, one is a pingonly node which is ping of the localhost, and the other is localhost using SNMP, and in the <nmisdir>/conf/snmpd.conf is what you need to get it working.
Because you have already installed NET-SNMP earlier, you just need to backup that config and move in the NMIS sample one, you should modify this accordingly to secure the SNMP read access according to your organisations security policy.
The last command in the list above will fail as there is no /etc/sysconfig directory on this platform. Instead the snmptrap service is started by the snmpd service, and is enabled by updating the file /etc/default/snmpd:
Auto Start SNMP Daemons
Ensure that you tell Linux to start SNMPD automatically
Debian/Ubuntu - this is start both snmp and snmptrap services
Start SNMPD Manually
The first time you can start it manually.
Run a Test Update
With everything else done, you can run a test update
The output will look something like
Run a Test Collection
With everything else done, you can run a test update
The output will look something like