Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


smokeping_centos6

CentOS 6 - Smokeping

Had to install SmokePing in a RHEL 6 environment. This is how i installed it.

- Stop, start, status

  • Stop: service smokeping stop
  • Start: service smokeping start
  • Status: service smokeping status

- Modify configuration

  • Modify configuration: /opt/smokeping/etc/config.
  • Restart SmokePing: service smokeping restart.

- Installation

  • Create a new VM with, 1vCPU, 1GB memory and 32GB disk.
  • Install the latest RHEL 6.
  • Update the OS:
    yum clean all
    yum update
  • Check NTP and DNS configuration.
  • Create a nice MOTD:
       _____                 _        _____ _             
      / ____|               | |      |  __ (_)            
     | (___  _ __ ___   ___ | | _____| |__) | _ __   __ _ 
      \___ \| '_ ` _ \ / _ \| |/ / _ \  ___/ | '_ \ / _` |
      ____) | | | | | | (_) |   <  __/ |   | | | | | (_| |
     |_____/|_| |_| |_|\___/|_|\_\___|_|   |_|_| |_|\__, |
                                                     __/ |
                                                    |___/ 
    
  • Install the needed packages:
    yum groupinstall "Development tools"
    yum install rrdtool rrdtool-perl fping wget curl bind-utils mod_fcgid mod_ssl httpd httpd-devel perl-CPAN lynx ncftp perl perl-YAML perl-parent perl-Test-Simple perl-Net-SSLeay
  • Configure CPAN:
    perl -MCPAN -e shell
    
    Would you like me to configure as much as possible automatically? [yes] no
    
    Choose the defaults, configure a proxy if needed.
    
    # If you want to reconfigure CPAN: o conf init
  • I had some problems when using the Perl packages from the repo. Install the Perl modules via CPAN:
    cpan
    install LWP
    install IO::Pty
    install Config::Grammar
    install Digest::HMAC_MD5
    install Net::Telnet
    install Net::OpenSSH
    install Net::DNS
    install Net::LDAP
    install Net::SNMP             # Don't install the optional packages.
    install FCGI
    install CGI::Fast
  • Download SmokePIng:
    cd /var/tmp
    wget http://oss.oetiker.ch/smokeping/pub/smokeping-2.6.11.tar.gz
  • Install SmokePing:
    tar -zxvf smokeping-2.6.11.tar.gz -C /var/tmp
    cd /var/tmp/smokeping-2.6.11
    ./configure --prefix=/opt/smokeping-2.6.11
    /usr/bin/gmake install
    ln -s /opt/smokeping-2.6.11 /opt/smokeping
    
    mkdir /opt/smokeping-2.6.11/{cache,data,var}
    chmod 660 /opt/smokeping-2.6.11/etc/smokeping_secrets.dist
    
    useradd -u <uid> smokeping 
    chown -R smokeping. /opt/smokeping*

- Post install config

- SmokePing

  • Modify /opt/smokeping/etc/config.dist.
    cp /opt/smokeping/etc/config.dist /opt/smokeping/etc/config
    vi config
  • Modify /opt/smokeping/htdocs/smokeping.fcgi.dist:
    mv /opt/smokeping/htdocs/smokeping.fcgi.dist /opt/smokeping/htdocs/smokeping.fcgi
    vi /opt/smokeping/htdocs/smokeping.fcgi
  • Change the template sidebar width (if needed) /opt/smokeping/etc/basepage.html.dist:
      <TD class="menubar" align="left" width="230" valign="top">

- TLS self signed certificate

  • Change /etc/pki/tls/openssl.cnf
    countryName_default             = ...
    stateOrProvinceName_default     = ...
    localityName_default            = ...
    0.organizationName_default      = ...
    organizationalUnitName_default  = ...
    commonName                      = <fqdn>
    
    [ req ]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    
    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = <fqdn1>
    DNS.2 = <fqdn2>
    IP.1  = <ip1>
    IP.2  = <ip2>
  • Generate private key:
    openssl genrsa -out /etc/pki/tls/private/<hostname>.key 2048
  • Generate CSR:
    openssl req -new \
      -out /etc/pki/tls/certs/<hostname>.csr \
      -key /etc/pki/tls/private/<hostname>.key \
      -config /etc/pki/tls/openssl.cnf
  • Check:
    openssl req -text -noout -in /etc/pki/tls/certs/<hostname>.csr
  • Sign:
    openssl x509 -req -days 3650 \
     -in /etc/pki/tls/certs/<hostname>.csr \
     -signkey /etc/pki/tls/private/<hostname>.key \
     -out /etc/pki/tls/certs/<hostname>.crt \
     -extensions v3_req \
     -extfile /etc/pki/tls/openssl.cnf

- Apache

  • Remove the default virtual host: /etc/httpd/conf.d/smokeping.conf.
  • Edit /etc/httpd/conf/httpd.conf:
    ServerAdmin <email address>
    NameVirtualHost *:443
  • Create the following config: /etc/httpd/conf.d/smokeping.conf
    <VirtualHost *:443>
    
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
    
    SSLCertificateFile /etc/pki/tls/certs/<hostname>.crt
    SSLCertificateKeyFile /etc/pki/tls/private/<hostname>.key
    
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    
    ServerName <fqdn>
    DocumentRoot "/var/www/html/"
    
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    
    SuexecUserGroup smokeping smokeping
    
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    
    <Directory "/var/www/cgi-bin/">
        SSLOptions +StdEnvVars
        Options FollowSymLinks 
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    
    Alias /cache/ "/opt/smokeping-2.6.11/cache/"
    
    <Location />
       Options None
       Order deny,allow
       Deny from all
       Allow from <subnet>
    
       AuthType Basic
       AuthBasicProvider ldap
       AuthName "LDAP authentication"
       AuthLDAPURL ...
       AuthLDAPBindDN ...
       AuthLDAPBindPassword ...
       Require ldap-attribute gidNumber=...
       Require valid-user
    </Location>
    
    </VirtualHost>         
  • Create an index.html redirect /var/www/html/index.html:
    <meta http-equiv="refresh" content="1;url=https://<fqdn>/cgi-bin/smokeping.fcgi">
  • Copy smokeping.fcgi (for suexec):
    cp /opt/smokeping/htdocs/smokeping.fcgi /var/www/cgi-bin/
  • Modify suexec rights:
    chown -R smokeping. /var/www/cgi-bin/
  • Start Apache at boot:
    chkconfig httpd on
  • Start Apache:
    service httpd start

Start/stop script

  • Create start/stop script: /etc/init.d/smokeping
    #!/bin/sh
    #
    # chkconfig: - 86 14
    # description: smokeping init script
    # processname: smokeping
    # config: /opt/smokeping/etc/smokeping.conf
    # pidfile: /opt/smokeping/var/smokeping.pid
    
    # Source function library.
    . /etc/rc.d/init.d/functions
    
    # the path to your PID file
    # path to smokeping script 
    smokeping=/opt/smokeping/bin/smokeping 
    smokeping_config=/opt/smokeping/etc/config
    smokeping_logfile=/opt/smokeping/var/smoke.log
    pidfile=/opt/smokeping/var/smokeping.pid
    lockfile=/var/lock/subsys/smokeping
    smokeping_opts="--config=${smokeping_config} --logfile=${smokeping_logfile}"
    prog=smokeping
    run_user=smokeping
    RETVAL=0
    STOP_TIMEOUT=10
    
    start() {
            echo -n $"Starting $prog: "
            daemon --pidfile=${pidfile} --user $run_user $smokeping $smokeping_opts
            RETVAL=$?
            echo
            [ $RETVAL = 0 ] && touch ${lockfile}
            return $RETVAL
    }
    
    stop() {
      echo -n $"Stopping $prog: "
    	killproc -p ${pidfile} -d ${STOP_TIMEOUT} $smokeping
    	RETVAL=$?
    	echo
    	[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
    }
    
    reload() {
        echo -n $"Reloading $prog: "
        if ! $smokeping $smokeping_opts --check >&/dev/null; then
            echo $"not reloading due to configuration syntax error"
            failure $"not reloading $smokeping due to configuration syntax error"
        else
            $smokeping $smokeping_opts --reload
            RETVAL=$?
            if [ $RETVAL -ne 0 ]; then
                failure $"smokeping reloading"
            fi
        fi
        echo
    }
    
    restart() {
        echo -n $"Restarting $prog: "
        if ! $smokeping $smokeping_opts --check >&/dev/null; then
            echo $"not restarting due to configuration syntax error"
            failure $"not restarting $smokeping due to configuration syntax error"
        else
            $smokeping $smokeping_opts --restart
            RETVAL=$?
            if [ $RETVAL -ne 0 ]; then
                failure $"smokeping restarting"
            fi
        fi
        echo
    }
    
    # See how we were called.
    case "$1" in
      start)
    	start
    	;;
      stop)
    	stop
    	;;
      status)
            status -p ${pidfile} $smokeping
    	RETVAL=$?
    	;;
      reload)
    	reload
    	;;
      restart)
    	restart
    	;;
      *)
    	echo $"Usage: $prog {start|stop|restart|reload|status}"
    	RETVAL=2
    esac
  • Set executable bit:
    chmod +x /etc/init.d/smokeping
  • Start at boot:
    chkconfig --add smokeping
    chkconfig smokeping on

Remote fping

  • Create a user account and install fping on the client:
    useradd -u <uid> smokeping
    yum install fping
  • Place the smokeping user's public key and root's public key on the client, in the authorized_keys file.
  • Test login with key.
  • Add the RemoteFPing probe to the SmokePing configuration:
    # Config
    +RemoteFPing
    
    binary = /usr/bin/ssh
    blazemode = true
    hostinterval = 1.5
    #mininterval = 0.001
    offset = 50%
    packetsize = 56
    pings = 20
    rbinary = /usr/sbin/fping
    rhost = <ip or fqdn>
    ruser = smokeping
    #sourceaddress = <ip>
    step = 300
    timeout = 1.5
    #tos = 0x20
    usestdout = false
    
    #*** Slaves ***
    #secrets=/opt/smokeping-2.6.11/etc/smokeping_secrets.dist
    #+boomer
    #display_name=boomer
    #color=0000ff
    #
    #+slave2
    #display_name=another
    #color=00ff00
    
  • Add remote hosts:
    +++ Name
    probe=Name
    host=<fqdn>
    
smokeping_centos6.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1