Netdisco Installation
Preface
When I was looking for a simple installation document for Netdisco, I spent quite a lot of time walking through the installation manuals. Because of this, I would like to go step by step through the installation of Netdisco to make it as simple as possible.
I will use the “Basic server” installation of CentOS 6.5.
During the installation we will need these accounts:
postgres/phpPgAdmin: netdisco/dbpassword
netdisco/web (admin): netdisco/netadmin
OS user/netdisco: netdisco/netdiscoOS
Before we start
Make OS ready
EPEL (install)
CentOS 6 - 32-bit
[root@SSH_Client ~]# rpm -Uvh http://mirror.overthewire.com.au/pub/epel/6/i386/epel-release-6-8.noarch.rpm
CentOS 6 - 64-bit
[root@SSH_Client ~]# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
CentOS 5 - 32-bit
[root@SSH_Client ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
CentOS 5 - 64-bit
[root@SSH_Client ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
Install the GraphViz repository:
[root@netdisco ~]# cd /etc/yum.repos.d/
[root@netdisco yum.repos.d]# wget http://www.graphviz.org/graphviz-rhel.repo
Please install all these packages:
# yum -y update # To update all already installed packages
# reboot # Reboot the OS
# yum -y install screen
# yum -y install mc
# yum -y install telnet
# yum -y install net-snmp*
# yum -y install httpd httpd-manual httpd-tools
# yum -y install libjpeg* libpng*
# yum -y install gettext*
# yum -y install mod_perl mod_ssl
# yum -y install libapreq2 perl-libapreq2 perl-HTML-Mason
# yum -y install perl-Event-RPC
# yum -y install db4-devel
# yum -y install perl-LDAP
# yum -y install beecrypt-devel
# yum -y install httpd-devel
# yum -y install mod_perl-devel
# yum -y install gcc
# yum -y install libapreq2
# yum -y install perl-libapreq2
# yum -y install perl-IPC-Run
# yum -y install postgresql
# yum -y install postgresql-server
# yum -y install postgresql-docs
# yum -y install postgresql-jdbc
# yum -y install postgresql-libs
# yum -y install postgresql-odbc
# yum -y install postgresql-plperl
# yum -y install postgresql-plpython
# yum -y install postgresql-pltcl
# yum -y install postgresql-contrib
# yum -y install postgresql-devel
# yum -y install perl-DBD-Pg
# yum -y install ann-libs*
# yum -y install 'graphviz*'
Initialize PostgreSQL DB:
# service postgresql initdb # To initialize the postgres DB
Install Perl modules
# perl -MCPAN -e shell # This will initialize CPAN access for your OS
install Bundle::CPAN # This will ask you for additional information during installation
install YAML
install Log::Any
install SNMP::Info # Most important module for Netdisco
install MasonX::Request::WithApacheSession
install MasonX::Apache2Handler
install Digest::MD5
install Bundle::DBI
install DBI
install Apache::DBI
install DBD::Pg
install DB_File
install Apache::Session
install HTML::Entities
install HTML::Mason
install Graph
install GraphViz
install Compress::Zlib
install Parallel::ForkManager
install Net::NBName
install Net::LDAP
install Net::SSLeay
install IO::Socket::SSL
install Apache2::Request
install Apache::DBI
install Apache::Session
install Apache::Test
install Storable
install Exception::Class
install Heap::Elem
install ExtUtils::XSBuilder::ParseSource
install Params::Validate
install Class::Container
install Compress::Raw::Zlib
1.) Install the rest of the modules from the list
2.) Then try to reinstall the missing modules again
3.) If that does not work, install the module manually
Example:
cpan[101]> install HTML::Entities
Running install for module 'HTML::Entities'
Running make for G/GA/GAAS/HTML-Parser-3.71.tar.gz
Has already been unwrapped into directory /root/.cpan/build/HTML-Parser-3.71-2_rhZh # As you can see, this is where the source code is located
Could not make: Unknown error
Running make test
Can't test without successful make
Running make install
Make had returned bad status, install seems impossible
-------------------------------------------------------------------------------------------------------
[root@Netdisco ~]# cd /root/.cpan/build/HTML-Parser-3.71-2_rhZh # Go to the source code directory
[root@Netdisco HTML-Parser-3.71-2_rhZh]# perl Makefile.PL # Configure the source code
[root@Netdisco HTML-Parser-3.71-2_rhZh]# make # Compile it
[root@Netdisco HTML-Parser-3.71-2_rhZh]# make install # Install it
-------------------------------------------------------------------------------------------------------
cpan[102]> install HTML::Entities # As you can see, it is installed
HTML::Entities is up to date (3.69).
SELinux and Iptables update:
For the moment I would like to propose disabling SELinux (I will update this later).
[root@Netdisco ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
##SELINUX=enforcing
SELINUX=disabled # Disable SELinux
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
To update IPTABLES please run these commands:
[root@Netdisco ~]# iptables -I INPUT -p TCP --dport 80 -j ACCEPT # Enable Web Access to your server
[root@Netdisco ~]# /etc/init.d/iptables save # Save the change
OS user management:
We will install the Netdisco daemon with the rights of the “netdisco” user. The Netdisco daemon will run under this OS account, without root rights.
An additional user group “netdisco” is required to run the web-based application. The “netdisco” group shall include only the “netdisco” user and the user account that runs the web service (in our case the Apache daemon).
# groupadd netdisco # Create new user group for user "netdisco" and "apache"
# groupadd -g <Group_ID> netdisco
To create “netdisco” user, run this command:
# useradd -g netdisco -G netdisco -d /usr/local/netdisco -c "Netdisco Admin" netdisco # Create Netdisco OS account
# useradd -u <User_ID> -g netdisco -G netdisco -d /usr/local/netdisco -c "Netdisco Admin" netdisco
Configure user password:
# passwd netdisco
Changing password for user netdisco.
New password: # here paste the password
Retype new password: # here paste the password
passwd: all authentication tokens updated successfully.
User and Groups check:
To be sure that we have created our user and group, please use these commands:
# grep "netdisco" /etc/group # Command to Check Group
netdisco:x:500:netdisco # Expected result
# grep "netdisco" /etc/passwd # Command to Check User
netdisco:x:500:500:Netdisco Admin:/usr/local/netdisco:/bin/bash # Expected result
# ls -al /usr/local/ | grep netdisco # Command to Check Home Directory
drwx------. 2 netdisco netdisco 4096 Mar 21 23:10 netdisco # Expected result
Assign "apache" and "postgres" user to netdisco user group:
After the Netdisco and Apache services are started, the Apache daemon will access Netdisco-related files. This is why we created the “netdisco” user group. The group is shared by the “netdisco” user (running the Netdisco daemon) and the “apache” user (running the Apache daemon). With this configuration, access rights to the Netdisco files can be managed through user and group permissions.
# usermod -a -G netdisco apache # Add the "apache" user to the "netdisco" user group (-a keeps its other groups)
# usermod -a -G netdisco postgres # Add the "postgres" user to the "netdisco" user group (-a keeps its other groups)
Check the result:
# grep "netdisco" /etc/group # Check assigned users in to "netdisco" user group
netdisco:x:500:netdisco,apache,postgres # Expected result
Install Netdisco
Download Netdisco
To download Netdisco, please visit this URL: “http://sourceforge.net/projects/netdisco/files/”
It is possible to download Netdisco with or without the related MIB files. I personally prefer to download the source with MIB files as it will save us some time.
# mkdir /usr/src/netdisco # Create the directory where we will store the source code. I do like the old UX way to store source code
Go to “http://sourceforge.net/projects/netdisco/files/netdisco-mibs/” and download the latest release of Netdisco, then copy it to /usr/src/netdisco/.
# cd /usr/src/netdisco/ # Here is the source code stored
# ls netdisco-1.3.2_with_mibs.tar.gz
# tar -vxzf netdisco-1.3.2_with_mibs.tar.gz # Uncompress the source code
# cd netdisco-1.3.2 # Here is the uncompressed source code
# cp -r ./* /usr/local/netdisco # Copy the source code to the HOMEDIR of the "netdisco" user
# chown -R netdisco:netdisco /usr/local/netdisco # Change owner to "netdisco" for all files in the HOMEDIR of the "netdisco" user
# chmod 770 /usr/local/netdisco # Change access rights to the HOMEDIR of the "netdisco" user, so that the group gets full access
Access to the PostgreSQL database
Netdisco uses a PostgreSQL database to store the collected information. Because of this it is a really great tool that can be easily integrated into a corporate network environment (as you can access the collected data like standard SQL data).
# chkconfig postgresql on # Make sure that PostgreSQL will start after boot of the OS
PostgreSQL Access permission:
# cat /var/lib/pgsql/data/pg_hba.conf | grep -v "^#" # Please update the access permission to this
local all postgres trust
local all root trust
local sameuser all md5
local template1 all trust
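To see which of the pg_hba.conf entries above accept a connection without any password, the following added example (not part of the original guide) parses the file and reports every `trust` line. The function names `audit_pg_hba` and `sample_pg_hba` are assumptions made for this example, and the header comment in the sample is constructed.

```shell
#!/bin/sh
# Added example (not part of the original guide): report pg_hba.conf entries
# that use the "trust" method, i.e. accept the connection with no password.
# Function names are assumptions made for this example.

# audit_pg_hba [FILE...]   (reads stdin when no file is given)
# Prints one line per trust entry and returns 1 if any was found, else 0.
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comment and blank lines
        {
            sub(/#.*/, "")               # drop a trailing comment
            if (NF < 4) next
            # local lines:  TYPE DB USER METHOD
            # host* lines:  TYPE DB USER ADDRESS[/CIDR] [NETMASK] METHOD
            if ($1 == "local")      method = $4
            else if ($5 ~ /[.:]/)   method = $6   # separate netmask column
            else                    method = $5
            if (method == "trust") {
                printf "line %d: type=%s db=%s user=%s method=trust\n", NR, $1, $2, $3
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# The four entries this guide puts into pg_hba.conf (header comment constructed).
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE   USER      METHOD
local   all        postgres  trust
local   all        root      trust
local   sameuser   all       md5
local   template1  all       trust
EOF
}

# Demo: audit the sample; on a real host pass /var/lib/pgsql/data/pg_hba.conf.
sample_pg_hba | audit_pg_hba || echo "trust entries found: review the lines above"
```

Each reported line is a database role that any local OS account able to reach the PostgreSQL socket can assume without a password; with the entries shown here that includes the postgres superuser.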
Restart PostgreSQL
# /etc/init.d/postgresql restart
Stopping postgresql service: [ OK ]
Starting postgresql service: [ OK ]
Please check the Netdisco configuration for access to PostgreSQL:
/usr/local/netdisco/netdisco.conf
db_Pg = dbi:Pg:dbname=netdisco # Database name and location
db_Pg_user = netdisco # User Account for access to Database
db_Pg_pw = dbpassword # Password for accessing the database
/usr/local/netdisco/netdisco_apache.conf
session_data_source => 'dbi:Pg:dbname=netdisco', # Database name and location
session_user_name => 'netdisco', # User Account for access to Database
session_password => 'dbpassword', # Password for accessing the database
Create the “netdisco” user account in PostgreSQL:
[root@Netdisco netdisco]# su - postgres # We'll need to use the postgres OS user as he is admin of the DB
-bash-4.1$ createuser -P -s -e netdisco # Create the "netdisco" account in PostgreSQL
Enter password for new role: # Add password (in our case: "dbpassword")
Enter it again: # Add password (in our case: "dbpassword")
CREATE ROLE netdisco PASSWORD 'md57ed24b0b6e8875f6bf39f7aff81ac465' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;
Initialization of the PostgreSQL database for Netdisco:
[root@Netdisco netdisco]# cd /usr/local/netdisco/sql # Here are located scripts for DB creation
[root@Netdisco sql]# ./pg --init # This will create the database for Netdisco
...
If prompted enter 'dbpassword' as password.
Password for user netdisco: # Please paste here the password for access to DB "dbpassword"
...
Test of the PostgreSQL access:
[root@Netdisco ~]# su - netdisco # We are going to test the DB access for "netdisco" user
[netdisco@Netdisco ~]$ cd /usr/local/netdisco/sql/ # Here are located the test scripts
[netdisco@Netdisco sql]$ ./pg # Test access configuration
./pg - Netdisco Postgres Wrapper.
If prompted enter 'dbpassword' as password.
Password for user netdisco: # Paste the password for "netdisco" user of DB "dbpassword"
psql (8.4.20)
Type "help" for help.
netdisco=# \dt # List the DB tables
              List of relations
 Schema |         Name         | Type  |  Owner
--------+----------------------+-------+----------
 public | admin                | table | netdisco
 public | device               | table | netdisco
 public | device_ip            | table | netdisco
 public | device_module        | table | netdisco
 public | device_port          | table | netdisco
 public | device_port_log      | table | netdisco
 public | device_port_power    | table | netdisco
 public | device_port_ssid     | table | netdisco
 public | device_port_vlan     | table | netdisco
 public | device_port_wireless | table | netdisco
 public | device_power         | table | netdisco
 public | device_vlan          | table | netdisco
 public | log                  | table | netdisco
 public | node                 | table | netdisco
 public | node_ip              | table | netdisco
 public | node_monitor         | table | netdisco
 public | node_nbt             | table | netdisco
 public | node_wireless        | table | netdisco
 public | oui                  | table | netdisco
 public | process              | table | netdisco
 public | sessions             | table | netdisco
 public | subnets              | table | netdisco
 public | topology             | table | netdisco
 public | user_log             | table | netdisco
 public | users                | table | netdisco
(25 rows)
netdisco=# \q # Quit / Exit
Apache Configuration
Update the Apache configuration to include Netdisco. You will need to edit the Apache config file (usually “/etc/httpd/conf/httpd.conf”) and add these lines at the end of the file:
[root@Netdisco ~]# echo "Include /usr/local/netdisco/netdisco_apache.conf">> /etc/httpd/conf/httpd.conf
[root@Netdisco ~]# echo "Include /usr/local/netdisco/netdisco_apache_dir.conf">> /etc/httpd/conf/httpd.conf
We will also need to create a directory that will be used by the Apache daemon:
[root@Netdisco ~]# mkdir /usr/local/netdisco/mason
[root@Netdisco ~]# chown apache:netdisco /usr/local/netdisco/mason
[root@Netdisco ~]# > /var/www/html/netdisco
[root@Netdisco ~]# chown apache:apache /var/www/html/netdisco
[root@Netdisco ~]# chmod 644 /usr/local/share/perl5/HTML/Mason/ApacheHandler.pm
[root@Netdisco ~]# chmod 644 /usr/share/perl5/HTML/Mason/ApacheHandler.pm
Create WEB Admin account for Netdisco:
[root@Netdisco ~]# cd /usr/local/netdisco/
[root@Netdisco netdisco]# ./netdisco -u netdisco # WEB user name
n e t d i s c o
--------------------------------------------------
Enter new password for netdisco [no change]: netadmin # Password for web user
Give netdisco Port Control [no change]? yes # Allow the user to shut down interfaces on managed devices
Give netdisco Admin Rights [no change]? yes # This user is admin
User Full Name [none]?
Added user netdisco. (1)
Update the Netdisco config files used for the Apache daemon
[root@Netdisco ~]# cat /usr/local/netdisco/netdisco_apache.conf | sed 's/#LoadModule perl_module libexec\/apache2\/mod_perl.so/LoadModule perl_module \/usr\/lib\/httpd\/modules\/mod_perl.so/'> /tmp/netdisco_apache.conf.$$
[root@Netdisco ~]# mv -f /tmp/netdisco_apache.conf.$$ /usr/local/netdisco/netdisco_apache.conf
[root@Netdisco ~]# cat /usr/local/netdisco/netdisco_apache.conf | sed 's/#LoadModule apreq_module libexec\/apache2\/mod_apreq2.so/LoadModule apreq_module \/usr\/lib\/httpd\/modules\/mod_apreq2.so/'> /tmp/netdisco_apache.conf.$$
[root@Netdisco ~]# mv -f /tmp/netdisco_apache.conf.$$ /usr/local/netdisco/netdisco_apache.conf
[root@Netdisco ~]# cat /usr/local/netdisco/netdisco_apache.conf | sed 's/#PerlModule/PerlModule/'> /tmp/netdisco_apache.conf.$$
[root@Netdisco ~]# mv -f /tmp/netdisco_apache.conf.$$ /usr/local/netdisco/netdisco_apache.conf
[root@Netdisco ~]# cat /usr/local/netdisco/html/autohandler | sed 's/$r->connection->user/$r->user/'> /tmp/autohandler.$$
[root@Netdisco ~]# mv -f /tmp/autohandler.$$ /usr/local/netdisco/html/autohandler
[root@Netdisco ~]# cat /usr/local/netdisco/html/login.html | sed 's/$r->connection->user($db_user->{username});/$r->user($db_user->{username});/'> /tmp/login.html.$$
[root@Netdisco ~]# mv -f /tmp/login.html.$$ /usr/local/netdisco/html/login.html
Restart the Apache daemon:
[root@Netdisco ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd [ OK ]
Configure Apache to start after boot of the OS:
[root@Netdisco ~]# chkconfig httpd on
[root@Netdisco ~]# chkconfig --list | grep httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Finish Netdisco Installation
Create documentation for Netdisco:
[root@Netdisco ~]# cd /usr/local/netdisco
[root@Netdisco netdisco]# gmake doc
Creating Backend API docs
Creating Shared API docs
Update group owner of Netdisco config files
[root@Netdisco ~]# chgrp netdisco /usr/local/netdisco/*.conf
[root@Netdisco ~]# chmod 660 /usr/local/netdisco/*.conf
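The config files carry the database password in clear text, and the earlier `sed ... > /tmp/...` plus `mv -f` edits replace netdisco_apache.conf with a file created under root's umask, so it is worth confirming that the `chmod 660` above took effect. This added example (not part of the original guide or of Netdisco) lists every *.conf file that sets `db_Pg_pw` or `session_password` and still grants access to "other"; the function name `conf_secret_exposure` and its directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original guide or of Netdisco).
# The two key names are the ones shown in this guide's netdisco.conf and
# netdisco_apache.conf; the function name and its argument are assumptions.

# conf_secret_exposure DIR
# Prints "other=<rwx> <file>" for every *.conf file in DIR that sets
# db_Pg_pw or session_password and grants any permission to "other".
# Returns 0 when nothing is exposed, 1 otherwise.
conf_secret_exposure() {
    dir=$1
    rc=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Only files that actually carry a database password are of interest.
        grep -Eq '^[[:space:]]*(db_Pg_pw|session_password)[[:space:]]*=' "$f" || continue
        # ls -ld prints e.g. "-rw-rw---- 1 netdisco netdisco ...";
        # characters 8-10 of that line are the permissions for "other".
        other=$(ls -ld "$f" | cut -c8-10)
        if [ "$other" != "---" ]; then
            printf 'other=%s %s\n' "$other" "$f"
            rc=1
        fi
    done
    return $rc
}

# Demo: only runs where the guide's install directory exists.
if [ -d /usr/local/netdisco ]; then
    conf_secret_exposure /usr/local/netdisco ||
        echo "files above are accessible to other users (the guide uses chmod 660)"
fi
```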
Configure OID’s for different NW vendors:
[root@Netdisco ~]# su - netdisco
[netdisco@Netdisco ~]$ cd /usr/local/netdisco/
[netdisco@Netdisco ~]$ make oui
...
n e t d i s c o
--------------------------------------------------
parse_oui() Removing old contents of oui table in database.
Schlopping contents of oui.txt to database.
Added 19142 entries from oui.txt
[netdisco@Netdisco ~]$ ./netdisco -O
n e t d i s c o
--------------------------------------------------
parse_oui() Removing old contents of oui table in database.
Schlopping contents of oui.txt to database.
Added 19142 entries from oui.txt
The discovery process for Netdisco will be scheduled with the cron daemon
[root@Netdisco ~]# cp /usr/local/netdisco/netdisco.crontab /usr/local/netdisco/netdisco.crontab_def
[root@Netdisco ~]# cat /usr/local/netdisco/netdisco.crontab | sed "s/center_network_device/127.0.0.1/g"> /tmp/netdisco.crontab.$$
[root@Netdisco ~]# mv -f /tmp/netdisco.crontab.$$ /usr/local/netdisco/netdisco.crontab
[root@Netdisco ~]# crontab -u netdisco /usr/local/netdisco/netdisco.crontab
Configure Netdisco to start after boot of OS
[root@Netdisco ~]# ln -s /usr/local/netdisco/bin/netdisco_daemon /etc/init.d/netdisco
[root@Netdisco ~]# chkconfig netdisco on
[root@Netdisco ~]# chkconfig --list | grep netdisco
netdisco 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Restart the Netdisco daemon:
[root@Netdisco ~]# /etc/init.d/netdisco restart
Restarting netdisco admin daemon:n e t d i s c o
--------------------------------------------------
Stopping admin daemon (1259).
Waiting until current job completes
Starting new admin panel daemon
Web GUI
To access the web GUI use this URL (you will be asked for user/password):
http://<IP_OF_SERVER>/netdisco
URLs
Home page: http://netdisco.org/
Snmp-info module for perl: http://sourceforge.net/projects/snmp-info/
Netdisco source download: http://sourceforge.net/projects/netdisco/files/
GraphViz Home Page: http://www.graphviz.org/Download_linux_rhel.php
PostgreSQL optimization: http://www.postgresql.org/docs/8.2/static/kernel-resources.html