Thursday, July 28, 2011

Installing Munin On CentOS

Configuring Munin on CentOS x86_64:

Munin is a monitoring tool for servers. It uses RRDtool to log and graph data from your servers. The plugin API is very easy to grasp. Actually, I haven’t read the API documentation yet. I just looked at the output of the plugins and it looks easy to achieve. The data can be accessed through the web.
Munin works by polling your servers for data, hence the two applications: Munin and Munin Node. The former periodically gathers data (via crond) and the latter serves the data to the former. Please refer to the following for our example configuration. You can make up a domain if you want Munin to group your servers similar to the live demo.
  • Munin “Munin Server” – shah.example.com (192.168.1.1)
  • A Munin Node – king.example.com (192.168.1.2)
- INSTALLING AND CONFIGURING MUNIN
     
 In this section, we set it up on shah.example.com

mkdir ~/downloads
cd ~/downloads


ls ~/downloads
      munin-1.2.5-2.el5.rf.noarch.rpm

-Install dag repo to get dependencies:
rpm -ivh http://download.fedora.redhat.com/pub/epel/5Server/x86_64/epel-release-5-4.noarch.rpm

-To install Munin server:
yum localinstall munin-1.2.5-2.el5.rf.noarch.rpm --nogpgcheck -y

-After installing the above rpm, list /var/www/munin. If it exists, refer to /etc/httpd/conf.d/munin.conf to set the Apache configuration.

vim /etc/httpd/conf.d/munin.conf

ScriptAlias /munin/cgi "/var/www/munin/cgi/"
<Directory "/var/www/munin/cgi/">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Munin Access"
   AuthType Basic
   AuthUserFile /var/www/munin/passwd
   Require valid-user
</Directory>

Alias /munin "/var/www/munin/"
<Directory "/var/www/munin/">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Munin Access"
   AuthType Basic
   AuthUserFile /var/www/munin/passwd
   Require valid-user
</Directory>

-Create a user for UI authentication using following:
htpasswd -c /var/www/munin/passwd munin

- Set permission to munin user:
chown -R munin:munin /var/www/munin

-Start apache/httpd and crond service
service httpd start && service crond restart
chkconfig httpd on

-You can check that it is working through your browser (i.e. http://192.168.1.1/munin). It will prompt for the user/password which we defined above with htpasswd. Enter them to access the Munin UI.

================================

ADDING LOCALHOST IN MUNIN SERVER TO GET LOCALHOST GRAPHS:

- Make sure you have installed dag repo before following below steps.

cd ~/downloads


yum localinstall munin-node-1.2.5-2.el5.rf.noarch.rpm --nogpgcheck -y

-Edit Munin's configuration (/etc/munin/munin.conf) on the graph server (shah.example.com) and add the following:
[localhost]
address  127.0.0.1
use_node_name  yes
- Edit munin-node config file:
vim /etc/munin/munin-node.conf
  allow ^127\.0\.0\.1$

service munin-node start

chkconfig munin-node on


 -Now wait for 5 minutes and check your browser at http://192.168.1.1/munin for localhost. It will show the default graphs for localhost. If you want to add other graphs, for apache and so on, that is explained next while adding another host as a node.

 ================================

Add a Node (i.e. king.example.com)

-    Make sure you have installed Dag repo and munin-node rpms, follow above steps to do so.

After installing above, edit /etc/munin/munin-node.conf on remote host (i.e. king.example.com):
allow ^192\.168\.1\.1$
hostname king.example.com  # required only if you don’t have DNS in-place

Start  munin-node service:
service munin-node start

chkconfig munin-node on

Check log file to make sure it works fine:
tail -f /var/log/munin/munin-node.log
2011/07/28-12:00:05 CONNECT TCP Peer: "192.168.1.1:58652" Local: "192.168.1.2:4949"

If you find something unusual, resolve the dependency issues related to the plug-ins, which can be found at /usr/share/munin/plugins.

-Now wait for five minutes and check your browser with http://192.168.1.1/munin for king.example.com.
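
The allow lines used above are regular expressions that munin-node matches against the connecting peer's IP address, so the anchors and escaped dots matter. The following script is an added example, not part of the original post: it audits the allow lines of a munin-node.conf, using grep -E as a stand-in for Perl's regex engine (an assumption that holds for simple patterns like these) and sample config files constructed inline.

```shell
#!/bin/sh
# Added example (not from the original post): audit munin-node "allow" lines.
# munin-node matches each allow value, as a regular expression, against the
# connecting peer's IP address. grep -E stands in for Perl's regex engine.

# Print the pattern of every "allow" line in config file $1.
allow_patterns() {
    sed -n 's/^[[:space:]]*allow[[:space:]][[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1"
}

# Return 0 if peer address $2 matches any allow pattern in config file $1.
peer_allowed() {
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        if printf '%s\n' "$2" | grep -Eq -- "$pat"; then
            return 0
        fi
    done <<EOF
$(allow_patterns "$1")
EOF
    return 1
}

# Print a finding for each allow pattern in $1 that is not anchored with
# ^...$ or that contains an unescaped dot. Return 1 if anything was found.
lint_allow() {
    findings=0
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        case $pat in
            '^'*'$') ;;   # anchored at both ends
            *) printf 'not anchored with ^...$: %s\n' "$pat"; findings=1 ;;
        esac
        # A dot that is not preceded by a backslash matches any character.
        if printf '%s\n' "$pat" | grep -Eq '(^|[^\\])\.'; then
            printf 'unescaped dot matches any character: %s\n' "$pat"; findings=1
        fi
    done <<EOF
$(allow_patterns "$1")
EOF
    return $findings
}

# Constructed sample: the node config from this post next to a loose variant.
demo_dir=$(mktemp -d)
printf '%s\n' 'allow ^192\.168\.1\.1$' > "$demo_dir/strict.conf"
printf '%s\n' 'allow 192.168.1.1'      > "$demo_dir/loose.conf"
for conf in strict loose; do
    for peer in 192.168.1.1 192.168.1.10 192.168.111.5; do
        if peer_allowed "$demo_dir/$conf.conf" "$peer"; then verdict=accepted; else verdict=refused; fi
        printf '%s.conf  %-14s %s\n' "$conf" "$peer" "$verdict"
    done
    lint_allow "$demo_dir/$conf.conf" || true
done
rm -rf "$demo_dir"
```

The loose pattern accepts 192.168.1.10 because it is unanchored and 192.168.111.5 because an unescaped dot matches any character; the pattern from this post accepts only the Munin server.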

ADDING PLUG-INS

Suppose this host is running httpd/apache service and we want to get graphs for it, here we go:

ln -s /usr/share/munin/plugins/apache_* /etc/munin/plugins/

Just linking the apache plug-ins into the plug-in path is not enough to make them work.
The mod_status module provides performance information during load testing, and allows a monitoring program like munin or mrtg to gather activity data for later aggregation. We need to configure apache with "ExtendedStatus"; let's see how:
First make sure mod_status is loaded: look for "LoadModule status_module modules/mod_status.so" in /etc/httpd/conf/httpd.conf. Then continue with the next step.

- Edit /etc/httpd/conf/httpd.conf using vi or nano and search for server-status. You will find:

#<Location /server-status>
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .example.com
#</Location>

- Change it to below:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost
</Location>

One more change we may want to make is to enable the ExtendedStatus setting in apache. This setting adds more information to the status page apache returns, like CPU use and requests per second. Enabling ExtendedStatus makes apache do a little extra work when it gets a status request, so you might weigh the extra information gained against the potential performance hit to a busy server.

Many monitoring applications that record performance over time, like munin, require that ExtendedStatus be enabled before they can monitor apache.

The ExtendedStatus setting must be set at the server level and applies to all virtual hosts running under apache. To enable it edit the httpd.conf file and look for the following entry:

#ExtendedStatus On

Uncomment that last line to enable ExtendedStatus, changing the configuration block to:

ExtendedStatus On

Restart apache: now that we've made sure the apache server status page is enabled and configured the way we want it, we'll need to restart apache:

service httpd restart

Install lynx

With apache's server status page restricted to localhost-only access we won't be able to see the page from our desktop's web browser. Luckily the server status page is just a bunch of text with no graphics, letting us use a simple approach: Run a text-based web browser while logged into the slice itself.

To try this option out we'll need to install a browser on the slice first. The browser we'll use is called "lynx", and you can install it with the following command:

yum install lynx   

No configuration is necessary, but lynx is keyboard-controlled so it's handy to know a few basic keystrokes when using it. There is a list of the most frequently-used commands at the bottom of the screen while lynx is running. If you visit a site with lynx you can navigate with the up and down keys and follow a highlighted link by hitting enter. Hit "q" to quit (and hit "y" to confirm the quit). Hit "h" to access lynx's documentation.

View the status page

The URL of the apache status page will be your domain name with "/server-status" tacked onto the end. In this section we're assuming you've configured your default server instance or virtual host to accept connections from the localhost only. Tell lynx to view your apache status page with the following command:

lynx http://localhost/server-status

You will see something like the following page if you have ExtendedStatus enabled (the example server was running, but it should look similar for all recent versions of Linux and Apache). With ExtendedStatus disabled the page will look similar, but with a few lines missing.

Srv  PID      Acc     M  CPU    SS   Req Conn  Child    Slot   Client            VHost                      Request
   0-0 10742 0/209/4209  _ 39.22  393   0   0.0  636.62  5435.21 127.0.0.1 king.example.com GET /server-status?auto HTTP/1.1
   1-0 4096  0/1006/5006 _ 1.98   93    0   0.0  1.03    2424.31 127.0.0.1 king.example.com GET /server-status?auto HTTP/1.1
   2-0 4095  0/1076/5076 _ 40.79  94    0   0.0  638.28  1678.18 127.0.0.1 king.example.com GET /server-status?auto HTTP/1.1

So, if the above steps went fine, let's move on to the apache plug-in for Munin:
ln -s /usr/share/munin/plugins/apache_* /etc/munin/plugins/

service munin-node restart

Now, wait for five minutes and you will be able to see apache related graphs.

Friday, June 3, 2011

PNP4Nagios with CentOS

PNP4Nagios with CentOS:

PNP is an addon to Nagios which analyzes performance data provided by plugins and stores it automatically in RRD databases.

Prerequisites

RRDtool is the OpenSource industry standard, high performance data logging and graphing system for time series data. Use it to write your custom monitoring shell scripts or create whole applications using its Perl, Python, Ruby, TCL or PHP bindings.
Our CentOS server needed a few devel libraries installed for RRDtool:

yum -y install cairo-devel glib2-devel pango-devel

Download the latest source for RRDtool

mkdir ~/downloads && cd ~/downloads
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.3.tar.gz
tar zxf rrdtool-1.4.3.tar.gz
cd rrdtool-1.4.3

Configure it with a few adjustments for our setup:

./configure --prefix=/usr/local/rrdtool

If everything is ok, then build and install it

make
make install


Zlib support for PHP -
--with-zlib

Installation
Download the latest version of PNP4Nagios:

cd /extra/src
wget http://sourceforge.net/projects/pnp4nagios/files/PNP-0.6/pnp4nagios-0.6.3.tar.gz/download
tar zxf pnp4nagios-0.6.3.tar.gz
cd pnp4nagios-0.6.3

Configure it:

./configure \
--with-rrdtool=/usr/local/rrdtool/bin/rrdtool \
--with-httpd-conf=/usr/local/apache2/conf/extra \
--with-perl_lib_path=/usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi

Then build and install:

make all
make install

Copy the sample config files:

make install-config

Add pnp4nagios to your Apache configuration:

Install the Apache config file into /etc/httpd/conf.d/pnp4nagios.conf:

make install-webconf

Then edit /etc/httpd/conf/httpd.conf and add a line to load the PNP4Nagios conf file:

Include conf.d/pnp4nagios.conf

or you can add the contents of httpd.conf to your Nagios VirtualHost directive:

Alias /pnp4nagios "/usr/local/pnp4nagios/share"

<Directory "/usr/local/pnp4nagios/share">
AllowOverride None
Order allow,deny
Allow from all
#
# Use the same value as defined in nagios.conf
#
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
<IfModule mod_rewrite.c>
# Turn on URL rewriting
RewriteEngine On
Options FollowSymLinks
# Installation directory
RewriteBase /pnp4nagios/
# Protect application and system files from being viewed
RewriteRule ^(application|modules|system) - [F,L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT,L]
</IfModule>
</Directory>

- It might show an error related to php-5.2. If it shows such an issue, add the CentOS-Test repository with the following configuration:

vi /etc/yum.repos.d/CentOS-Test-repo

[CentOS-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/5/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

Update php:

yum update php


Restart httpd service:

service httpd restart


Access the PNP4Nagios Environment Tests by going to http://localhost/pnp4nagios. If it passes all the tests, remove the install.php file:

mv /usr/local/pnp4nagios/share/install.php /usr/local/pnp4nagios/share/old.install.php

NPCD Daemon

Copy the sample NPCD config file:

cp /usr/local/pnp4nagios/etc/npcd.cfg-sample /usr/local/pnp4nagios/etc/npcd.cfg

Data Collection :
Nagios needs to be configured to trigger the data collector by editing /usr/local/nagios/etc/nagios.cfg and editing/uncommenting some lines:

process_performance_data=1
service_perfdata_command=process-service-perfdata
host_perfdata_command=process-host-perfdata

Edit /usr/local/nagios/etc/objects/commands.cfg and remove the existing process-service-perfdata and process-host-perfdata commands. Then add the new PNP4Nagios commands for service and host performance data logging:

define command {
command_name process-service-perfdata
command_line /usr/bin/perl /usr/local/pnp4nagios/libexec/process_perfdata.pl
}

define command {
command_name process-host-perfdata
command_line /usr/bin/perl /usr/local/pnp4nagios/libexec/process_perfdata.pl -d HOSTPERFDATA
}

Nagios Web Front-End Integration :
In order to easily view the graphs from your Nagios server, we can take advantage of Nagios' external URL features in extended info configs. There are two ways of doing it - regular links or Javascript pop-ups:

Regular Links
Edit /usr/local/nagios/etc/objects/templates.cfg and add:

# PNP4Nagios host/service definitions
define host {
name host-pnp
action_url /pnp4nagios/graph?host=$HOSTNAME$&srv=_HOST_
register 0
}

define service {
name srv-pnp
action_url /pnp4nagios/graph?host=$HOSTNAME$&srv=$SERVICEDESC$
register 0
}

OR

Javascript pop-ups :
Copy status-header.ssi to your Nagios web files:

cp /downloads/pnp4nagios-0.6.3/contrib/ssi/status-header.ssi \
/usr/local/nagios/share/ssi/

Edit /usr/local/nagios/etc/objects/templates.cfg and add:

define host {
name host-pnp
action_url /pnp4nagios/graph?host=$HOSTNAME$&srv=_HOST_' class='tips' rel='/pnp4nagios/popup?host=$HOSTNAME$&srv=_HOST_
register 0
}

define service {
name srv-pnp
action_url /pnp4nagios/graph?host=$HOSTNAME$&srv=$SERVICEDESC$' class='tips' rel='/pnp4nagios/popup?host=$HOSTNAME$&srv=$SERVICEDESC$
register 0
}

To use them, add them to your host/service definitions with something similar to:

define host{
use linux-server,host-pnp ; Name of host templates to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name localhost
alias localhost
address 127.0.0.1
}

define service{
use local-service,srv-pnp ; Name of service template to use
host_name localhost
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}

Wednesday, June 1, 2011

SWAP Memory (Creating Swap file)

What is swap?

Swap space is an area on disk that temporarily holds a process memory image. When physical memory demand is sufficiently low, process memory images are brought back into physical memory from the swap area on disk. Having sufficient swap space enables the system to keep some physical memory free at all times.

There are three types of swap: device swap, file system swap and pseudo swap. Device swap is a separate partition allocated when the disk is configured. File system swap allows you to use the existing file system to allocate swap space. Pseudo swap is allocated from system memory on some systems.

How can I create swap on these machines?

Though we cannot create device swap, we can still create file system swap. The steps to create a swap file are given below. Log in as root and check your existing mounted partitions with the disk usage utility to decide where to create the swap file:

[root@shah-lp ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 9.9G 7.8G 1.6G 84% /
none 7.6G 0 7.6G 0% /dev/shm
/dev/sdb1 414G 32G 362G 8% /share

As we can see above, /dev/sdb1 is mounted at /share and it has enough space to create a swap file.

Assume my machine has 4GB of physical RAM and 2GB of swap. Now we are looking to increase it to 8GB, 6GB more. Follow the steps below:

[root@shah-lp ~]# dd if=/dev/zero of=/share/swapfile bs=1G count=5
5+0 records in
5+0 records out
5368709120 bytes (5.4 GB) copied, 64.3235 seconds, 83.5 MB/s

[root@shah-lp ~]# mkswap /share/swapfile

[root@shah-lp ~]# swapon /share/swapfile

[root@shah-lp ~]# echo " /share/swapfile swap swap defaults 0 0" >> /etc/fstab

[root@shah-lp ~]# mount -a

To confirm, run:

[root@shah-lp ~]# free -m
total used free shared buffers cached
Mem: 15367 11428 3938 0 53 10378
-/+ buffers/cache: 996 14370
Swap: 23551 0 23551

[root@shah-lp ~]# swapon -s
total used free shared buffers cached
Mem: 15367 11428 3938 0 53 10378
-/+ buffers/cache: 996 14370
Swap: 23551 0 23551
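
Because swap holds process memory images, a swap file created with dd under the usual root umask ends up readable by other users unless its mode is tightened. The following check is an added example, not part of the original post: it reads a listing in /proc/swaps format and reports swap files whose group or other permission bits are set.

```shell
#!/bin/sh
# Added example (not from the original post): list swap files that group or
# other users can access. dd creates the file with the default umask, which
# for root is typically 022 (mode 0644).

# $1 is a listing in /proc/swaps format:
#   Filename  Type  Size  Used  Priority
# Prints "<path> <group+other permission bits>" for each swap *file* that is
# not private to its owner; returns 1 if any such file was found.
insecure_swapfiles() {
    found=0
    while read -r name type _rest; do
        [ "$type" = "file" ] || continue      # skip header and partitions
        [ -e "$name" ] || continue
        perms=$(ls -ld "$name" | cut -c5-10)  # e.g. "r--r--" for mode 0644
        if [ "$perms" != "------" ]; then
            printf '%s %s\n' "$name" "$perms"
            found=1
        fi
    done < "$1"
    return $found
}

# Check the running system when the kernel exposes its swap table.
if [ -r /proc/swaps ]; then
    insecure_swapfiles /proc/swaps || echo "fix with: chmod 600 <path>"
fi
```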



Thursday, April 14, 2011

Pre-Commit Hook Script for Subversion

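#!/usr/bin/perl

use strict;

# config section
my $minchars = 4;    # not used by the checks below
my $svnlook = '/usr/bin/svnlook';

#--------------------------------------------
# Subversion passes the repository path and the transaction name.
my $repos = $ARGV[0];
my $txn = $ARGV[1];
$\ = "\n";    # every print ends with a newline

# Read the log message of the pending transaction. The list form of open
# runs svnlook directly, so no shell parses $txn or $repos.
open(my $log, '-|', $svnlook, 'log', '-t', $txn, $repos)
    or die "Cannot run $svnlook: $!";
my @comment = <$log>;
close($log);

my @reviewer = ();
my @unit = ();
my @tp = ();
my @reviewer1 = ();
my @unit1 = ();
my @tp1 = ();

# Each required field is a line of the form "Label: value". The text after
# the colon is split on whitespace; because of the space after the colon
# the first element is empty and the first word of the value is element [1].
foreach my $line (@comment)
{
    chomp($line);
    @reviewer1 = split(':', $line) if ($line =~ /Reviewer/i);
    @reviewer = split(/\s+/, $reviewer1[1]);
    @unit1 = split(':', $line) if ($line =~ /Unit/i);
    @unit = split(/\s+/, $unit1[1]);
    @tp1 = split(':', $line) if ($line =~ /TP/i);
    @tp = split(/\s+/, $tp1[1]);
}

# Reject an empty log message.
if ( length($comment[0]) == 0 ) {
    print STDERR "A comment is required!";
    exit(1);
}

# Code reviewer field
if ( $#reviewer == 0 ) {
    print STDERR "A code reviewer is required! e.g. Code reviewer: some text";
    exit(1);
}
if (!($reviewer[1] =~ /\w/i))
{
    print STDERR "A code reviewer name is required! e.g. Code reviewer: some text";
    exit(1);
}

# Unit test field
if ( $#unit == 0 ) {
    print STDERR "A Unit Test is required! e.g. Unit Test: N/A";
    exit(1);
}
if (!($unit[1] =~ /\w/i))
{
    print STDERR "A unit test value is required! e.g. Unit Test: N/A";
    exit(1);
}

# Nature of change (TP#) field
if ( $#tp == 0 ) {
    print STDERR "A Nature of TP is required! e.g. Nature of change (TP#): some text ";
    exit(1);
}
if (!($tp[1] =~ /\w/i))
{
    print STDERR "A nature of tp value is required! e.g. Nature of change (TP#): some text";
    exit(1);
}

# All required fields are present: allow the commit.
exit(0);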

Friday, March 25, 2011

Configuring SAMBA on CentOS/RHEL

Configuring Samba on CentOS/RHEL to share data with Windows

Suppose we want to share one directory with multiple users, e.g. shah and king.

# groupadd share

# useradd -G share shah
# useradd -G share king

# mkdir /data

# chgrp share /data

# chmod g+rwx,o-rwx /data

Now, if you want to enable group inheritance on the directory:

# chmod g+s /data

If you want to enable the sticky bit, to keep data secure from other members of the group or to stop other members from deleting the sub-content of the directory:

# chmod +t /data

Now, install following rpms using Yum:

# yum install samba samba-client samba-common -y



Edit samba config file:


# vim /etc/samba/smb.conf


Put following content:


[share]
comment = Share Group's Stuff
path = /data
valid users = shah, king
public = yes
writable = yes
printable = no
write list = +staff

Details of Config:

[share] - #share name to be visible on Windows
comment - #User prompt message for Windows
valid users - #User names which you want to use for access
path - #Path of the dir which you are looking to share
public - #share should be visible to other users
writable - #Users should be allowed to write from Windows or smb shell
printable - #It is a share, not a printer
write list - #list of users or groups who are allowed to write on the share


Search for "hosts allow" in smb.conf to define hosts access :

hosts allow = 127. 192.168.12. 192.168.13. 192.168.1.20

Save and close the file. And define samba user's passwords:

# smbpasswd -a shah

# smbpasswd -a king


Start samba service:

# service smb start

Enable samba service at boot-up:

# chkconfig smb on

To verify shared dir or config:

# testparm

Now access share on windows:

Windows--> run --> \\smb-server_or_ip.ad.dr.ess


It will prompt for the user/password. Enter ;) and have fun.

Friday, January 14, 2011

Apache and Subversion authentication with Microsoft Active Directory

Apache and Subversion authentication with Microsoft Active Directory on CentOS:

1) Create a user account on AD named ldapbind under the Users OU

2) On CentOS Box, Install following packages:

# yum install httpd subversion openldap openssl mod_dav_svn mod_authz_svn mod_ssl

3) Create a repo:

# svnadmin create /svn/repo1

4) Edit /etc/httpd/conf.d/subversion.conf file with following parameters:

# vim /etc/httpd/conf.d/subversion.conf


<Location /svn>
DAV svn
SVNParentPath /svn
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "My Subversion Server"
AuthLDAPURL "ldap://server.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "ldapbind@example.com"
AuthLDAPBindPassword "password"
require valid-user
Order allow,deny
AllowOverride None
Allow from all
</Location>


5) Edit /etc/openldap/ldap.conf :

REFERRALS off

6) Restart httpd service and try to access on UI:

# service httpd start
# chkconfig httpd on

7) Access on UI: https://example.com/svn/repo1