Tuesday, August 13, 2013

Multiple NICs and You

Have you tried to configure more than one network card on more than one network in CentOS 6.x or RedHat 6.x yet? Well I did, and I was in for a surprise!
Turns out that you cannot do it on CentOS easily. I tried this on several servers and even though the IP shows up, I could not ping it from the second network. It was a pain.
Working example is I have interface one configured as netmask
I wanted interface two configured on netmask
After going crazy verifying every setting in my /etc/sysconfig/network-scripts/ifcfg-eth0 and ifcfg-eth1 files, I found this blog post http://www.virtualizationteam.com/cloud/how-to-get-redhat-6-2-linux-second-nic-to-ping.html which was about an unrelated product but had the same root cause.
So after reading it I tried the settings they recommended and it worked. I did have to reboot to get it working fully, but that was all.

I then had another server we needed this on, and I wanted to dig a little deeper and make fewer edits, so I viewed the file /etc/sysctl.conf and this line stuck out to me

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

As an experiment I changed the 1 to a 0 for 
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
Reboot and POOF!! Both networks pingable from their respective subnets.
So, long story short, it wasn't a routing issue exactly but an issue with reverse path filtering (rp_filter) and how it routes packets out.
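
An added example (not from the original post) that reports the rp_filter mode the kernel actually applies to each interface: per the kernel's ip-sysctl documentation it uses the larger of conf/all/rp_filter and the per-interface value, with 0 meaning no source validation, 1 strict and 2 loose. The function names and the sample tree are constructed for illustration; on a live host, run `report /proc/sys/net/ipv4/conf`.

```shell
#!/bin/sh
# Added example: effective rp_filter mode per interface.
# 0 = no source validation, 1 = strict (RFC 3704), 2 = loose.

# effective_rp_filter CONF_DIR IFACE -> mode the kernel applies: max(all, IFACE)
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter")
    own=$(cat "$1/$2/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# report CONF_DIR -> one "<iface> <mode> <label>" line per real interface
report() {
    for d in "$1"/*/; do
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        mode=$(effective_rp_filter "$1" "$iface")
        case $mode in
            0) label="off" ;;
            1) label="strict" ;;
            2) label="loose" ;;
            *) label="unknown" ;;
        esac
        echo "$iface $mode $label"
    done
}

# make_sample -> path of a constructed tree shaped like /proc/sys/net/ipv4/conf.
# all=1 while eth1=0: the per-interface 0 is overridden, so eth1 stays strict.
make_sample() {
    dir=$(mktemp -d)
    for i in all default eth0 eth1 lo; do mkdir "$dir/$i"; done
    echo 1 > "$dir/all/rp_filter"
    echo 0 > "$dir/default/rp_filter"
    echo 1 > "$dir/eth0/rp_filter"
    echo 0 > "$dir/eth1/rp_filter"
    echo 0 > "$dir/lo/rp_filter"
    echo "$dir"
}

sample=$(make_sample)
report "$sample"                      # eth1 is still strict here
echo 2 > "$sample/eth1/rp_filter"     # loose mode on the second NIC only
report "$sample"
rm -rf "$sample"
```

The kernel documentation recommends strict mode against spoofed sources and loose mode where routing is asymmetric, so setting 2 on the second interface keeps source validation that a global 0 gives up.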

Monday, August 12, 2013

Installing Cacti because I want to believe

This is how I installed Cacti for CentOS 6.4
Install all the dependencies first
yum install mysql mysql-server httpd httpd-devel php-mysql php-pear php-common php-gd php-devel php-mbstring php php-cli php-snmp net-snmp-utils net-snmp-libs php-pear-Net-SNMP rrdtool

Make sure that apache and MySQL are set to load on boot.
[root@cacti01 ~]# chkconfig --list | grep -i mysql
mysqld         0:off       1:off     2:off  3:off   4:off   5:off     6:off

Well, let's fix this
[root@cacti01 ~]# chkconfig mysqld on 
[root@cacti01 ~]# chkconfig --list | grep -i mysql
mysqld         0:off   1:off   2:on   3:on   4:on   5:on     6:off

And the same thing for apache
[root@cacti01 ~]# chkconfig --list httpd
httpd           0:off  1:off   2:off 3:off     4:off 5:off    6:off
[root@cacti01 ~]# chkconfig httpd on 
[root@cacti01 ~]# chkconfig --list httpd
httpd           0:off    1:off 2:on  3:on  4:on  5:on  6:off

And a one-shot check and startup for the SNMP service
[root@cacti01 ~]# /etc/init.d/snmpd status 
snmpd is stopped
[root@cacti01 ~]# chkconfig snmpd on 
[root@cacti01 ~]# /etc/init.d/snmpd start 
Starting snmpd:                                            [  OK  ]

Start the web services.
[root@cacti01 ~]# /etc/init.d/httpd start 
Starting httpd: httpd: apr_sockaddr_info_get() failed for cacti01
httpd: Could not reliably determine the server's fully qualified domain name, using for ServerName
                                                           [  OK  ]
This error is OK for the moment; I just need to install Cacti and set up a domain name for it, so moving on to MySQL
To start the database took a little more than I was expecting...
[root@cacti01 ~]# /etc/init.d/mysqld start
Initializing MySQL database:  WARNING: The host 'cacti01' could not be looked up with resolveip.
[... Edited down ..] 
Starting mysqld:                                           [  OK  ]

Part of the message on the first run of MySQL was to set a root password with the following command, so I did
[root@cacti01 ~]# /usr/bin/mysqladmin -u root password 'SuperDuperMultiSystemPasswordForBlog'

I verified that I could connect to the database.
I also created a Cacti user for the local host
[root@cacti01 ~]# mysql -u root -p 

mysql> create user 'cacti'@'localhost' identified by 'SuperDuperMultiSystemPasswordForBlog' ;
Query OK, 0 rows affected (0.00 sec)
mysql> create database cacti ;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on cacti.* to 'cacti'@'localhost'; 
Query OK, 0 rows affected (0.00 sec)
mysql> quit
[root@cacti01 ~]# 

Now then, what's next...
Oh yeah, the download of the magical mystical Cacti software
Because I didn't feel like spending the night compiling Cacti from source, I cheated slightly. Hey, it's a RedHat, I am allowed to...
I added the rpmforge release of it. Instructions can be found here http://www.tecmint.com/install-and-enable-rpmforge-repository-in-rhel-centos-6-5-4/

[root@cacti01 ~]# yum install cacti 
[... EDIT ...]
 Package       Arch           Version                    Repository        Size
 cacti         noarch         0.8.8a-1.el6.rf            rpmforge         2.0 M

[... more Edit ...]
Is this ok [y/N]: Y 
and wiz bang installed!

Find out where the database template for Cacti was put
[root@cacti01 conf]# rpm -ql cacti | grep cacti.sql 

and install it
[root@cacti01 conf]# mysql -u cacti -p cacti < /var/www/cacti/cacti.sql 

Next locate the config file and set your database parameters
[root@cacti01 include]#  vim /var/www/cacti/include/config.php 

All I had to change were the following lines

$database_username = "cacti";
$database_password = "cacti";

Allow your network to access the web server
[root@cacti01 cacti]# vim /etc/httpd/conf.d/cacti.conf  
Add the Allow line but make sure it matches your subnet
deny from all 
Allow from 

Don't forget to make the iptables exception, or just turn it off. For my example, off it went.
[root@cacti01 cacti]# /etc/init.d/iptables stop
iptables: Flushing firewall rules:                                    [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                                       [  OK  ]
[root@cacti01 cacti]# chkconfig iptables off

Now we get to the GUI side of it, and you can do the web based install.
You want to select New Install
On the next section everything should be green. If it isn't, you missed a step, so go back and find your missing dependencies.
SNMP Utility Version - NET-SNMP 5.x
RRDTool Utility Version - RRDTool 1.3.x
And then Finish, login, and change your password.

Now you are on your own for finding your device MIBs and configuring them
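
For the firewall step above, an added example (not from the original post) of the exception route: it keeps iptables running and inserts an ACCEPT rule for port 80 from one subnet ahead of the INPUT REJECT line, since a rule placed after the REJECT never matches. The function names are hypothetical, the ruleset is a constructed sample modeled on a stock CentOS 6 /etc/sysconfig/iptables, and 192.0.2.0/24 is a placeholder for the subnet in your Allow line.

```shell
#!/bin/sh
# Added example: admit one subnet to Apache instead of stopping iptables.

# add_http_rule RULES_FILE SUBNET -> prints the ruleset with the port 80
# ACCEPT rule inserted before the first INPUT REJECT rule.
add_http_rule() {
    rules=$1 subnet=$2
    printf '%s\n' "$subnet" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || {
        echo "not an IPv4 CIDR: $subnet" >&2
        return 1
    }
    rule="-A INPUT -s $subnet -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"
    awk -v rule="$rule" '
        /^-A INPUT .*-j REJECT/ && !done { print rule; done = 1 }
        { print }
        END { if (!done) exit 2 }   # no REJECT found: do not guess a position
    ' "$rules"
}

# sample_rules -> constructed ruleset used as input for the demonstration
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
add_http_rule "$tmp" 192.0.2.0/24   # placeholder subnet (documentation range)
rm -f "$tmp"
```

Write the output to /etc/sysconfig/iptables and run `service iptables restart` to load it.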