Sunday, June 19, 2011

Article: Installing Nagios V-Shell on Ubuntu

[Abstract]
In this article I will describe how to install the new Nagios interface "V-Shell" in Ubuntu.


[Prerequisites]
This article requires you to have intermediate knowledge of Ubuntu.
It also assumes that you have a working install of Nagios 3. If you don't please see my previous article "Installing Nagios 3 on Ubuntu" for help.

These instructions has been tested on Ubuntu server 11.04 x64.


[General]
In a previous article I described how to install Nagios 3 on Ubuntu. While that install was fully working, Nagios has (fairly) recently released an optional improved interface which I highly suggest that you take a look at.
The new interface, dubbed V-Shell, looks a lot nicer and extends the functionality of the basic interface that comes with Nagios. I would also seem that V-Shell receives updates and improvements whereas the basic interface is pretty much where it's at.

There are a few things one should know about V-Shell. For one it doesn't actually replace the basic interface, but rather piggybacks on it, parsing it and changing the look. Some features actually link right back into the basic interface.
However, V-Shell is simple and works pretty well and I think that we will see some improvement in the future.
That said, V-Shell is probably not the best interface for Nagios there is and i encourage you to have a look around. I thought Centreon looked very nice but I just couldn't make the damn thing install.

On the subject of installation. I suggest that you go over to nagios.org, find the pdf with the installation instructions for V-Shell and print it out, then use it as toilet paper. Yes, it is in fact that bad.
Not only is it written very specifically for distributions that folder-wise look nothing like Ubuntu, but they also seem to omit about half the instructions needed to make it work.
That is why I wrote this article.

[Installing V-Shell]
Okay, so I will assume that you have a working Nagios 3 setup and are able to access the basic web interface by appending /nagios3/ to the server address.

To install V-Shell follow these simple instructions

  1. Download V-Shell to your home folder. I use wget so the full command is as follows. Please note that the url to the latest version might change. wget http://assets.nagios.com/downloads/exchange/nagiosvshell/vshell.tar.gz
  2. Unpack vshell.tar.gz by issuing the following command tar -xf vshell.tar.gz
  3. My default install of Nagios uses Apache and the root folder is /var/www/. I want V-Shell to be accessible directly from the website root so I simply cleared out all files from /var/www/ and copied the entire V-Shell folder contents to it by issuing the command sudo cp -r /home/eadmin/vshell/* /var/www/
  4. There are a few files in there that we don't need to be on the website so go ahead and delete the following files using sudo rm; CHANGELOG, gpl.txt, install.sh, README.txt and TODO.txt
  5. Enter the config folder using cd /var/www/config/
  6. Somewhere around here is where the V-Shell installation document goes wrong, because it simply tells you to modify the config file and a few things it assumes about Apache. Fortunately I know what to do.
    Open vshell.conf with a text editor, I use nano so my command is sudo nano vshell.conf
  7. Since we use the root for vshell, comment out the BASEURL line with a ;
  8. Set COREURL to "nagios3"
  9. Set STATUSFILE to "/var/cache/nagios3/status.dat"
  10. Set OBJECTSFILE to "/var/cache/nagios3/objects.cache"
  11. Set CGICFG to "/etc/nagios3/cgi.cfg"
  12. Exit and save, then move the file to /etc/
  13. Remove the entire config-folder by first going out of it using cd .. and then issuing the command sudo rm -r config
  14. Go to /etc/apache2/sites-available using cd /etc/apache2/sites-enabled/
  15. Open the symlinked site file, in my case it was called 000-default so I issued the command sudo nano 000-default
  16. Find the line that says <Directory /var/www/>
  17. Below it, change everything so that only text between it and the next </Directory> is the following:
    Options None
    AllowOverride None
    Order allow,deny
    allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios3/htpasswd.users
    Require valid-user
  18. Exit and save.
  19. Finally, restart Apache by issuing the following command: sudo /etc/init.d/apache2 restart
And that's it. Fire up your favorite browser and go to http://[server address]/ and login. V-Shell should load nicely.

[A note on folder structure]
This example used the root folder for V-Shell, if you prefer to have V-Shell in a subfolder, for example /vshell/, you can put the files in /var/www/vshell/, change the value of BASEURL above to "vshell" and modify vshell_apache.conf in the config folder to match your paths, copy it to /etc/apache2/conf.d/ and then restart Apache.


Feel free to ask any questions or add comments regarding this post in the comments. I'll try and answer best I can, promise.

Cheers
Posted by at 4 comments:
Links to this post

Article: Installing Nagios 3 on Ubuntu

[Abstract]
In this article I will describe the process of setting up a basic Nagios 3 monitoring server using Ubuntu.
For more in-depth topics, please see follow-up articles that I will be posting.

[Prerequisites]
This article requires you to have intermediate knowledge of Ubuntu.
It also assumes that you have a basic install of Ubuntu server 11.04 (other versions might work fine) on a suitable server. I my case this is a VMware Server guest and I have performed a default installation, only adding an openssh server to simplify management. I have also updated it with all the latest patches and installed drivers.

These instructions has been tested on Ubuntu server 11.04 x64.

[General]
In my line of work I have two choices, I can sit and wait for angry customers to call me to tell me something isn't working, or I could find out myself and be well on my way to solving it when they call.
For about two and half years now, my firm has chosen to do the former, simply because no one had any good experience with monitoring software or the free time to find out.
I can tell you now that if I had known how easy a Nagios install was two years ago, I would have taken the time to do this. Granted it might have been a lot harder back then.

One of the main problems with installing Nagios is it's near complete lack of documentation and the fact that every single guide has a different way of doing it. I will be the first to say that this one doesn't exactly improve that situation per say, but this article has one major advantage; it rocks!

[Installing Nagios]
So lets get started.
Like the prerequisites above explained, I will assume that your Ubuntu installation is already complete and that you have installed any additional tools you prefer, like ssh, a text editor etc. No Nagios-prerequisites are included in this so don't bother about apache, mail servers or anything like that at this point.
You should take a moment to decide how mail will work in your environment. I'm not entirely sure if there are parts of Nagios that can benefit from receiving mail but we will at least have to send out mail. For now I decided to relay all emails to my ISP's smtp server and not to complicate things by setting up a local mail server.
We will use this information in the following instructions

To install Nagios 3 just follow these simple instructions

  1. Make sure aptitude is up to date by issuing sudo apt-get update
  2. Install nagios 3 by issuing sudo apt-get install nagios3
  3. Gape in amazement at how page after page of installation instructions can be condensed into that.
  4. The setup will ask a series of questions regarding mail configuration. As discussed above I selected Satellite system as the server type.
  5. Depending on your choice in step 4, the setup will ask some questions about mail domains and such. For this setup I choose so specify [companyname].local for addresses that is missing domain name (I don't intend this to happen so it shouldn't matter, hopefully) and specified my ISP's smtp server as relay host.
  6. After the mail configuration, the setup will ask for a password for the default user nagiosadmin. We will be disabling this account later on so choose any password for now.
  7. That is it. Unless you have received any errors everything should be good to go.

[Creating a new user]
Personally, the first thing I want to do is create a new user and get rid of nagiosadmin for security reasons.
To create a new user you have to do a few things.
  1. Create the user in Nagios. My new user is called jonatan so my command looks like this: sudo htpasswd -c /etc/nagios3/htpasswd.users jonatan
  2. Specify a password.
  3. Repeat for additional users BUT WITHOUT "-c", it creates a new file and thus removes any old users.
  4. Edit /etc/nagios3/cgi.cfg, I use nano so my command looks like this: sudo nano /etc/nagios3/cgi.cfg
  5. A page or two down you will see a few variables beginning with "authorized", read what each one does and then remove nagiosadmin from each one and add users to your liking, I added my new "jonatan" user to every one except for read only users (which is disabled anyway)

[Testing]
At this point we're ready for a test.
Fire up your favorite web browser and enter the following address and login with your user. In my case the server ip was 192.168.0.56 so I entered http://192.168.0.56/nagios3/


Behold! Possibly the ugliest interface in the history of good software. But it does what it's supposed to do so for now just browse around and have a look at what the default config can do.

[Finishing points]
Compared to some other guides out there, this one is straighter than an Australian highway. Ubuntu makes this incredibly easy. Unfortunately, this is the easiest part, Nagios' documentation is legendary and Ubuntu's different folder structure makes a lot of it near impossible to figure out.
But that's a later problem.

In some follow-up articles I will show you how to straight out some small errors in the configs, install Nagios V-Shell and add monitored machines.
Stay tuned!

Feel free to ask any questions or add comments regarding this post in the comments. I'll try and answer best I can, promise.

Cheers
Posted by at 2 comments:
Links to this post

Wednesday, June 15, 2011

Rant: Where Cisco went wrong

First post in 6 months, yay.

So i need to get this off my chest, and with any luck get a few suggestions or helpful comments.

So i've been meaning to learn Cisco now for a couple of years but have always pushed it back for another time. I figure it's well past another time by now.

I'm at the first step and I'm already stuck, thanks to Cisco and their crazy line of products. Basically I'm just trying to find a suitable device to get going.
As I find that the best way to learn something is to use it live, I figure I'll take my beloved home Vyatta router and put in on hiatus for a while whilst I try out and learn Cisco.

For that reason I have a few requirements that Cisco seem pretty unwilling to meet.

  • Roughly 200mbit throughput.
  • Static dhcp leases.
  • NAT
  • Firewall with ACL.
  • QOS might be needed.

I really don't think that is a tall order, perhaps the 200mbit throughput is a bit steep but when i have 200mbit internet I think I should use it.

So what devices have we that can do this?
Simply put we can categorize Ciscos current lines for this type of usage into ASA and IOS. IOS is used in all the cool stuff while ASA is more leaned towards all-in-one boxes. The ASA lines sounds great in theory and the 5505 is a very neat device at a good price.
But wait, what is that? The DHCP server can't do static leases? WTF? ASA also has a few other quirks which I have not been able to fully substantiate, making any ASA device not quite suitable to learn from, as well as missing one of the key features i really want.

IOS on the other hand suffers from another condition, it doesn't have a very good firewall. I have found hints that an advanced firewall software pack or such is available but have have not been able to make out how that works or what it costs.
IOS based devices also have another big drawback, they cost a lot when you need high throughput. A 1921 at twice the price of a 5505 can in theory do 200mbit (50 more than 5505) but my sources tell me that since 5505 is made to run a firewall and such, this is actually already calculated whereas a 1921 will drop to sub 100mbit if firewall, nat and acl is activated.
Going for the IOS based routers simply aren't possible because of the price.

So this is were it leaves me. I will have to get an ASA, or possibly a cheaper PIX which is pretty much the same as software and features go. Not good.

Any suggestions are welcome.

Cheers
Posted by at No comments:
Links to this post
Subscribe to: Posts (Atom)