How To Setup a CentOS 7 Syslog Server

Today we learn how to build a syslog server.  Having a couple SuperMicro Builds, Switches and Firewalls, I want to be able to know what is going on by looking at one central source.   Easiest way to do this, and one that most Network Devices and SuperMicro Motherboards support is syslog.

First step is to build a quick CentOS 7 VM.  Next we install rsylog and other packages we will use later.  If you have installed the Minimum CentOS 7 image you will need the vim and net-tools packages.

yum install rsyslog vim net-tools

Next we open the syslog.conf file to allow the server to listen for syslog messages.

vim /etc/rsyslog.conf:

Then we un-comment the following four lines to allow syslog messages to be received on UDP and TCP Ports 514.

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

becomes

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Then we restart the syslog service.

systemctl restart rsyslog.service

Then we want to verify that the service is listening on port 514.

netstat -an | grep 514

We should see that TCP is listening and that UDP is now showing for port 514.

Capture.PNG

Finally we want to allow TCP and UDP 514 through the firewall.

firewall-cmd –permanent –zone=public –add-port=514/tcp

firewall-cmd –permanent –zone=public –add-port=514/udp

firewall-cmd –reload

Now that we have the syslog server up and listening, lets configure one of our servers to forward its message.

For my SuperMicro servers, we log into the IPMI page and click on the Configuration Tab and then Syslog.  We click “Enable Syslog” and then we enter in the IP and Port for our Syslog Server.  Finally we click Save.

Capture

For ESXi we need to login to the CLI of each ESXi host and run the following command, replacing the below IP with your syslog IP.

esxcli system syslog config set –loghost=’tcp://10.11.12.13:514′

Capture

For me Dell X1052 Switch, we log into the Administrator Web GUI and Click Log and Alerts, Expand Remote Log Servers, and Click Edit.

Capture

Then we click Add.

Capture.PNG

Then we enter the required information for our Syslog Server.

Capture.PNG

Eventually as events are generated you will see them in /var/log/messages on the your syslog server.  Once we configured our Dell Switch we saw the following message generated.

Capture

Advertisements

How to Install and Configure Cobbler on CentOS 7

The original installation instructions I found are here, and unfortunately they didn’t quite work.  I’m starting to notice a trend.  Either my Google-Foo is getting worse, or people are getting lazy with directions.  The Cobbler Quickstart Guide is the best and most up-to-date I have found.  Early in my career I worked with an Engineer who was a wizard with all things Linux.  He helped me with kickstarting boxes, and I never found the time, or I guess, wanted to find the time to learn the system.  It turns out it was easier than I thought.  Now if only I could master regular expression like he could.

  • Disable SELINUX

[root@cobbler tmp]# getenforce

[root@cobbler tmp]# yum -y update[root@cobbler tmp]# yum -y install cobbler cobbler-web dnsmasq syslinux pykickstart xinetd bind fence-agents wget

  • Start the Cobbler Services

systemctl enable cobblerd

systemctl start cobblerd

systemctl enable httpd

systemctl start httpd

cobbler1

  • Change the default password for the Cobbler User

[root@cobbler tmp]# htdigest /etc/cobbler/users.digest “Cobbler” cobbler

  • Edit /etc/cobbler/settings
    • There are a handful of settings that need to be changed here.  Biggest among them is default_password_crypted.  This is the root password for the installed systems.
    • To create this encrypted value run the command

      [root@cobbler tmp]# openssl passwd -1 -salt ‘randomphrase’ ‘Changeme123’

    • Copy the value output and paste in into the field default_password_crypted
    • Other fields include

manage_dhcp: 1
manage_dns: 1
pxe_just_once: 1
next_server: YOURSERVERIP
server: YOURSERVERIP

  • Edit /etc/cobbler/dhcp.template
    • Change the Network related fields to fit your network.
    • The below block is all that needs to be changed

subnet 192.168.1.0 netmask 255.255.255.0 {

option routers             192.168.1.1;

option domain-name-servers 192.168.1.210,192.168.1.211;

option subnet-mask         255.255.255.0;

filename                   “/pxelinux.0”;

default-lease-time         21600;

max-lease-time             43200;

next-server                $next_server;

}

  • Run Check Scripts

[root@cobbler tmp]# cobbler check

The following are potential configuration items that you may want to fix:

1 : debmirror package is not installed, it will be required to manage debian deployments and repositories

2 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to ‘cobbler’ and should be changed, try: “openssl passwd -1 -salt ‘random-phrase-here’ ‘your-password-here'” to generate new one

  • You will find a handful of items that show up.  For me it showed what services I didn’t have installed and other parts.  The necessary ones are below.  debmirror is not available on CentOS 7.  Essentially it’s just a perl script, and there are handful of posts on how to recreate it on CentOS 7, but I haven’t investigated.
  • Install undocumented Cobbler Dependencies

[root@cobbler tmp]# cobbler get-loaders

  • Restart cobblerd and then run ‘cobbler sync’ to apply changes.

[root@cobbler tmp]# systemctl restart cobblerd

[root@cobbler tmp]# systemctl restart cobblerd

[root@cobbler tmp]# cobbler sync

task started: 2016-11-14_174344_sync

task started (id=Sync, time=Mon Nov 14 17:43:44 2016)

running pre-sync triggers

… COBBLERY STUFF

*** TASK COMPLETE ***

  • Mount and ISO and Import your Distribution

[root@cobbler tmp]# cobbler import –arch=x86_64 –path=/mnt/iso –name=CentOS-7
task started: 2016-11-14_170108_import
task started (id=Media import, time=Mon Nov 14 17:01:08 2016)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/CentOS-7-x86_64:
creating new distro: CentOS-7-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS-7-x86_64 -> /var/www/cobbler/links/CentOS-7-x86_64
creating new profile: CentOS-7-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS-7-x86_64 for CentOS-7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-7-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS-7-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS-7-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/CentOS-7-x86_64/repodata
*** TASK COMPLETE ***

  • Verify you have a Distro

[root@cobbler tmp]# cobbler distro list

CentOS-7-x86_64

  • Verify you have a Profile

[root@cobbler tmp]# cobbler profile list

CentOS-7-x86_64

  • Create and Install a System

[root@cobbler tmp]# cobbler system add –name=test –profile=CentOS-7-x86-64

[root@cobbler tmp]# cobbler system edit –name=test –interface=eth0 –mac=00:50:56:bf:0e:02 –ip-address=10.0.1.74 –netmask=255.255.255.0 –static=1 –dns-name=test.beaker.local

[root@cobbler tmp]# cobbler system edit –name=test –gateway=10.0.1.1 –hostname=test.beaker.local

Of course you’ll want to substitute the correct MAC, IP,  Netmask, Gateway, and Hostname.  The above settings worked without issue on my vSphere 6 Installation.

Note — If you have a WDS and a Cobbler Server, shut down the one you don’t want to use. I have a WDS System Running, and once I turned it off, Cobbler worked without issue.

After a bit you’ll have a working system

cobbler2

Once you are happy with the system, make sure you remove it from Cobbler.  Be sure to run system list to verify its gone.

[root@cobbler tmp]# cobbler system remove –name=test
[root@cobbler tmp]# cobbler system list
[root@cobbler tmp]#

How to Install Observium on CentOS 7

NOTE – May 5th 2017 – Post has been updated to point to latest EPEL RPM

The directions for installing Observium Monitoring on CentOS 7 aren’t exactly accurate.  They have a handful of mistakes and missing steps.  Hopefully this guide will fill in the mistakes and missing parts and get you started on your way.  I know for me it was a bit of a headache getting it to work.  I eventually turned to Turnkey Linux for a template on how to do it.  With the release of the latest community version of Observium (0.16.10 on 26th October 2016),  I decided to give it a shot again.

We assume at the beginning of this tutorial that you have a working CentOS 7 VM that has network connectivity.

The first mistake is that Official Observium Documentation points you to install the RPMForge and EPEL Repositories.  The problem is RPMForge no longer exists, and the EPEL Link they provide is incorrect.

  1.  Install two requirements for logging in remotely to the VM and for getting the EPEL Repository setup.

yum install openssh wget

  1.  Install the EPEL Repository.

wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
rpm -ivh epel-release-7-9.noarch.rpm

  1.  Install the needed packages for Observium.

yum install httpd.x86_64 php.x86_64 php-mysql.x86_64 php-gd.x86_64 php-posix php-mcrypt.x86_64 php-pear.noarch cronie.x86_64 net-snmp.x86_64 net-snmp-utils.x86_64 fping.x86_64 mariadb-server.x86_64 mariadb.x86_64 MySQL-python.x86_64 rrdtool.x86_64 subversion.x86_64 jwhois.x86_64  ipmitool.x86_64 graphviz.x86_64 ImageMagick.x86_64 libvirt.x86_64 net-tools bind-utils

  1.  Make the directories needed for an Observium Install.

mkdir -p /opt/observium && cd /opt

  1.  Download and untar Observium.

wget http://www.observium.org/observium-community-latest.tar.gz
tar zxvf observium-community-latest.tar.gz

  1.  Remove the tar File.

rm observium-community-latest.tar.gz

  1.  Enable and Start the MySQL (mariadb) Service.

systemctl enable mariadb
systemctl start mariadb

  1.  Set the root password for MySQL.  We will use Changeme123.

/usr/bin/mysqladmin -u root password ‘Changeme123’

  1.  Login to a MySQL Prompt and configure the database and grant the correct privileges.

mysql -u root -p **Note MySQL will prompt you for the root password set above**
mysql> CREATE DATABASE observium DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON observium.* TO ‘observium’@’localhost’ IDENTIFIED BY ‘Changeme123’;
mysql> exit;

  1.  Change Directory into the Observium Folder and copy the default config file to config.php in order to edit the file.

cd observium

cp config.php.default config.php

  1.  Edit the config.php in an editor of your change and Change the db_user and db_pass fields.  The remaining fields can be left to edit later.

post3

  1.  MySQL Strict mode should be enabled, but as of version 5.7 it is enabled by default.  This is a step in the official documentation, but it is one we can skip.

  2.  We run discovery.php script to setup the database schema.

./discovery.php -u

  1.  In CentOS 7 the locations of fping and ping differ from that of where Observium expects them to be.  Lets override those values in the config but adding these two lines.

$config[‘ping’] = “/usr/bin/ping”;

$config[‘fping’] = “/usr/sbin/fping”;

Post4.PNG

  1. SELinux needs to be disabled.  This is the simplest way to get Observium to work.

setenforce 0

vim /etc/selinux/config

SELINUX = permissive

Post5.PNG

  1.  Create the RRD Directory and give apache rights to it.

mkdir rrd
chown apache:apache rrd

  1.  Setup httpd.conf for use with Observium.  We assume only Observium will be run on this host.  Be sure to replace the Server in the ServerName line to be that of your fully qualified domain hostname.

vim /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
DocumentRoot /opt/observium/html/
ServerName observium.domain.com
CustomLog /opt/observium/logs/access_log combined
ErrorLog /opt/observium/logs/error_log
<Directory “/opt/observium/html/”>
AllowOverride All
Options FollowSymLinks MultiViews
Require all granted
</Directory>
</VirtualHost>

Post6.PNG

  1.  Create the logs directory and give apache rights.

mkdir /opt/observium/logs
chown apache:apache /opt/observium/logs

  1.  Create your initial web login user as an admin.  We use user admin, password Changeme123 and level 10 which is admin.

cd /opt/observium
./adduser.php admin Changeme123 10

  1.  Add your first device.  Be sure that SNMP is enabled on the device and that you know the community.  For us we will use our Mikrotik Switch.

./add_device.php 10.0.1.2 public v2c

  1.  Now that Observium knows about the host, lets discovery it and poll for the data off the switch.

./discovery.php -h all
./poller.php -h all

  1.  Create a cron job to run discovery and polling on a regular interval.  A Note in the Observium documentation states.

The below example includes a username, so will only work in /etc/crontab or /etc/cron.d/observium. It will NOT work in a user crontab edited with crontab -e without removing the username.

So we create the cron file in /etc/cron.d/observium.

# Run a complete discovery of all devices once every 6 hours
33 */6 * * * root /opt/observium/discovery.php -h all >> /dev/null 2>&1

# Run automated discovery of newly added devices every 5 minutes
*/5 * * * * root /opt/observium/discovery.php -h new >> /dev/null 2>&1

# Run multi threaded poller wrapper every 5 minutes
*/5 * * * * root /opt/observium/poller-wrapper.py 8 >> /dev/null 2>&1

# Run housekeeping script daily for syslog, event log and alert log
13 5 * * * root /opt/observium/housekeeping.php -ysel

# Run housekeeping script daily for rrds, ports, orphaned entries in the database and performance data
47 4 * * * root /opt/observium/housekeeping.php -yrptb

  1.  Reload cron.

systemctl reload crond

  1.  Set httpd to start on boot.

systemctl enable httpd
systemctl start httpd

That is about it for the setup of Observium.  The official documentation states that you need to open firewall ports.  Since the firewall is not installed by default, I have skipped those steps.  If you need them they are.

#Permit HTTP through the server’s default firewall
firewall-cmd –permanent –zone=public –add-service=http
firewall-cmd –reload

If everything went correctly you will be greeted with the login hamster.

Post8.PNG

Our next post will cover how to add hosts in the Web Page, how to troubleshoot when those hosts can’t be added, and how to add SuperMicro IPMI polling.