Difference between revisions of "NeDI: Instalasi di Ubuntu"

From OnnoWiki
Jump to navigation Jump to search
Line 192: Line 192:
  
 
* http://www.nedi.ch/installation/
 
* http://www.nedi.ch/installation/
 +
* https://help.ubuntu.com/community/NediHowTo

Revision as of 16:31, 23 July 2015

1. Install dependencies: 

sudo apt-get install apache2 libapache2-mod-php5 mysql-server libnet-snmp-perl php5-mysql \
libnet-telnet-cisco-perl php5-snmp php5-gd libalgorithm-diff-perl rrdtool librrds-perl

Note: The command listed above needs to be on one line

2. Setup SSL on the Apache2 webserver:

IMPORTANT – You should always use SSL because Nedi contains a great amount of information about your network. Here is a great step-by-step tutorial on How to setup SSL in Ubuntu

3. Download Nedi: 

wget http://www.nedi.ch/pub/nedi-1.0.8.tgz

4. Uncompress and extract the archive: 

tar -xzf nedi-1.0-rc6.tgz

5. Move Nedi directory to /opt and fix permissions: 

sudo mv nedi /opt/
sudo chown -R www-data:www-data /opt/nedi
sudo chmod 775 /opt/nedi/html/log/

6. Create a link to the webserver root: 

sudo ln -s /opt/nedi/html/ /var/www/

7. Create a link to the configuration file: 

sudo ln -s /opt/nedi/nedi.conf /etc/nedi.conf

8. Create a MySQL database password: 

sudo mysqladmin -u root -p password "YourPasswordGoesHere"

9. Initialize the Nedi database: 

cd /opt/nedi/
./nedi.pl -i

10. Answer these prompts: 

   MySQL admin user: root

   MySQL admin pass: <enter the password you created in step #8>

11. Edit /opt/nedi/nedi.conf: 

   List your SNMP read-only passwords (one per line)
   List your telnet usernames and passwords (one pair per line)

12. Optional - Edit /opt/nedi/seedlist and add your network devices: 

List the IP addresses of your devices (one per line)

13. Restart the webserver (Apache2): 

sudo /etc/init.d/apache2 restart

14. Run a discovery of your network and gather your device configurations 

cd /opt/nedi/
./nedi.pl -pob

15. Login to your Nedi website: 

http://localhost/html/
User: admin
Password: admin
IMPORTANT - Change the admin password NOW!

16. Create a script to start/stop Nedi: 

nano /opt/nedi/startnedi.sh

17. Paste this text into that file: 

#start nedi from crontab. Creates logfiles
opts="-pob"
CMD="./nedi.pl $opts"
LOGPATH="/var/log/nedi"
LOGFILE="$LOGPATH/nedi.log"
LASTRUN="$LOGPATH/lastrun.log"
cd /opt/nedi
now=`date +%Y%m%d:%H%M`
echo "#$now start # $CMD" > $LASTRUN
echo "#$now start" >> $LOGFILE
$($CMD >> $LASTRUN)
tail -8 $LASTRUN >> $LOGFILE
now=`date +%Y%m%d:%H%M`
echo "#$now stop" >> $LOGFILE
echo "#$now stop" >> $LASTRUN'

Press “Control-O” and then “Enter” to save these changes.

18. Make “startnedi.sh” an executable file, and create a directory to hold Nedi log files: 

chmod +x /opt/nedi/startnedi.sh
sudo mkdir /var/log/nedi
me=`whoami`;sudo chown $me:$me /var/log/nedi

19. Schedule Nedi to run periodically (every 4 hours) using cron: 

crontab -e
15 */4 * * * /opt/nedi/startnedi.sh  # Discover and gather device configurations

Press “Control-O” and then “Enter” to save these changes.

-or-

Create a file in /etc/cron.d/ containing this information: 

15 */4 * * *    root   /opt/nedi/startnedi.sh  # Discover and gather device configurations

Both of these methods will cause the script to run every 4 hours at :15 past the hour beginning with 4:00am.



You can get it running on Debian/Ubuntu within 5 minutes (more details in Generic Installation Procedure): 

sudo apt-get install apache2 libapache2-mod-php5 mysql-server libnet-snmp-perl libcrypt-hcesha-perl \
libcrypt-des-perl libdigest-hmac-perl libio-pty-perl libnet-telnet-perl libalgorithm-diff-perl \
librrds-perl php5-mysql php5-snmp php5-gd php5-mcrypt rrdtool libsocket6-perl

Optional (read below for details): libweb-simple-perl libnet-ntp-perl libnet-dns-perl

Then perform the following steps: 

   create a /nedi folder somewhere (preferable in /var) and extract the tarball. Change permission to www-data
   In /etc edit apache2/sites-enabled/000-default.conf and adjust document root to /var/nedi/html
   edit apache2/apache2.conf and change /var/www to /var/nedi/html as well
   Optionally adjust php5/apache2/php.ini to increase max upload and post size
   run nedi -i and you should be able to login with admin/admin
   For security reasons, you should at least limit access to SSL and prohibit showing directory indexes…


Generic Installation Procedure 

   Satisfy the dependencies listed below.
   Extract the NeDi archive (e.g. to /var/nedi). Move the files in html to your webserver’s document root (e.g. /var/www/htdocs) or adjust the document root.
   Edit nedi.conf to fit your needs (Please use the new one as copying your existing config may lead to errors, if new items are missing). If you get ‘Dude, where is nedi.conf?’ link it to /etc.
   Cd to /var/nedi (or whatever you chose) and type ./nedi.pl -i to initialize the backend. Starting with NeDi 1.4, you can use -i nodrop for updating an existing DB structure without the need for DB admin credentials. Alternatively -i updatedb will do just that without any loss of data.
   The monitoring daemon moni.pl can be started from commandline, startup script or the GUI.
   Since syslog.pl requires a priviledged port (514) a simple workaround (to avoid running it as root) would be to forward a high port via system’s FW. This means something like this for Linux: iptables -A PREROUTING -t nat -p udp –dport 514 -j REDIRECT –to-port 1514. Just set $port in syslog.pl to 1514 (or whatever you chose the port to be). Now you can even restart it from the GUI with System-Services.
   A similar setup can be implemented for snmptrapd: iptables -A PREROUTING -t nat -p udp –dport 162 -j REDIRECT –to-port 1162.



Hardware Requirements

The computer requirements depend on the size of your network (surprised?). A single 2GHz core and 1GB Ram will do fine for networks with 500 devices and 10’000 nodes. You may consider increasing this for larger networks…

The NeDi script itself uses up to 150MB of RAM on a discovery run. If you want to include Tobi’s RRDtool, you’ll need ~200KB disk storage per interface (can be adjusted with rrdsize in nedi.conf).


Software Requirements

The discovery part is programmed in Perl and needs those additional modules: 

   Net::SNMP
   Net::Telnet
   Algorithm::Diff
   DBI
   DBD::MySQL
   RRDs
   Socket6
   LWP::UserAgent (optional HTTP service monitoring and getting info from Cisco phones)
   Net::DNS::Resolver (optional DNS service monitoring)
   Net::NTP (optional NTP service monitoring, e.g monitor actual stratum)
   IO::Tty (optional SSH support)
   libnet (provides Net::SMTP for alerts)

The frontend requires a webserver providing PHP with the following addons: 

   SQL
   SNMP
   SESSION
   GD (for Topology-Map)
   MCRYPT for SHA256 password encryption




Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=NeDI:_Instalasi_di_Ubuntu&oldid=43983"