
CactiEZ – configuration basics

December 19th, 2011 | No Comments

Every time I install CactiEZ, or Cacti on another platform, I find myself searching for the commands to configure the most common basic settings, such as static IP addressing, NTP sync and time zones.

Several times I thought about writing a simple article with the necessary commands, and I finally had time to create it.

Networking

netconfig
service network restart

Time Sync

ntpdate -u ntp1.nl.net

Time Zone

yum install system-config-date
system-config-date

This will make my life so much easier.

Cacti: corrupt database

June 16th, 2011 | No Comments

After rebooting a Cacti server, the customer complained that no new graphs were drawn by the server. I tried to run the poller.php script with the --force option and noticed the following output:

06/16/2011 10:34:48 AM - SPINE: Poller[0] ERROR: SQL Failed! Error:'145', Message:'Table './cacti/poller_output' is marked as crashed and should be repaired', SQL Fragment:'INSERT INTO poller_output (local_data_id, rrd_name, time, output) VALUES (514,'traffic_in','2011-06-16 10:34:48','3446319166'),(357,'traffic_in','2011-06-16

This log entry was shown multiple times, and it looks like the database got corrupted after the reboot. MySQL has an option to check and repair the database, so I gave that a try with the following command:

mysqlcheck --auto-repair --databases cacti

The command gives the following output:

cacti.cdef                                         OK
cacti.cdef_items                                   OK
cacti.colors                                       OK
cacti.data_input                                   OK
cacti.data_input_data                              OK
cacti.data_input_fields                            OK
cacti.data_local                                   OK
cacti.data_template                                OK
cacti.data_template_data
warning  : 1 client is using or hasn’t closed the table properly
status   : OK
cacti.data_template_data_rra                       OK
cacti.data_template_rrd
warning  : 1 client is using or hasn’t closed the table properly
status   : OK
cacti.graph_local                                  OK
cacti.graph_template_input                         OK
cacti.graph_template_input_defs                    OK
cacti.graph_templates                              OK
cacti.graph_templates_gprint                       OK
cacti.graph_templates_graph                        OK
cacti.graph_templates_item                         OK
cacti.graph_tree                                   OK
cacti.graph_tree_items                             OK
cacti.host
warning  : 2 clients are using or haven’t closed the table properly
status   : OK
cacti.host_graph                                   OK
cacti.host_snmp_cache
warning  : 1 client is using or hasn’t closed the table properly
status   : OK
cacti.host_snmp_query                              OK
cacti.host_template                                OK
cacti.host_template_graph                          OK
cacti.host_template_snmp_query                     OK
cacti.mac_track_approved_macs                      OK
cacti.mac_track_device_types                       OK
cacti.mac_track_devices                            OK
cacti.mac_track_ip_ranges                          OK
cacti.mac_track_ips
note     : The storage engine for the table doesn’t support check
cacti.mac_track_macauth                            OK
cacti.mac_track_macwatch                           OK
cacti.mac_track_oui_database                       OK
cacti.mac_track_ports                              OK
cacti.mac_track_processes                          OK
cacti.mac_track_scan_dates                         OK
cacti.mac_track_scanning_functions                 OK
cacti.mac_track_sites                              OK
cacti.mac_track_temp_ports
note     : The storage engine for the table doesn’t support check
cacti.plugin_color_templates                       OK
cacti.plugin_color_templates_item                  OK
cacti.plugin_config                                OK
cacti.plugin_db_changes
warning  : 2 clients are using or haven’t closed the table properly
status   : OK
cacti.plugin_discover_hosts                        OK
cacti.plugin_discover_template                     OK
cacti.plugin_flowview_devices                      OK
cacti.plugin_flowview_dnscache
note     : The storage engine for the table doesn’t support check
cacti.plugin_flowview_queries                      OK
cacti.plugin_flowview_schedules                    OK
cacti.plugin_hooks                                 OK
cacti.plugin_realms                                OK
cacti.plugin_routerconfigs_accounts                OK
cacti.plugin_routerconfigs_backups                 OK
cacti.plugin_routerconfigs_devices                 OK
cacti.plugin_routerconfigs_devicetypes             OK
cacti.plugin_thold_contacts                        OK
cacti.plugin_thold_log                             OK
cacti.plugin_thold_template_contact                OK
cacti.plugin_thold_threshold_contact               OK
cacti.plugin_update_info                           OK
cacti.plugin_wmi_accounts                          OK
cacti.plugin_wmi_queries                           OK
cacti.poller                                       OK
cacti.poller_command                               OK
cacti.poller_item
warning  : 1 client is using or hasn’t closed the table properly
status   : OK
cacti.poller_output
warning  : Table is marked as crashed
warning  : 1 client is using or hasn’t closed the table properly
error    : Invalid key block position: 107523441122544244  key block size: 1024  file_length: 25600
error    : key delete-link-chain corrupted
error    : Corrupt
cacti.poller_output_boost
note     : The storage engine for the table doesn’t support check
cacti.poller_output_boost_processes
note     : The storage engine for the table doesn’t support check
cacti.poller_output_rt                             OK
cacti.poller_reindex
warning  : 1 client is using or hasn’t closed the table properly
status   : OK
cacti.poller_time                                  OK
cacti.quicktree_graphs                             OK
cacti.reportit_cache_measurands                    OK
cacti.reportit_cache_reports                       OK
cacti.reportit_cache_variables                     OK
cacti.reportit_measurands                          OK
cacti.reportit_presets                             OK
cacti.reportit_recipients                          OK
cacti.reportit_reports                             OK
cacti.reportit_rvars                               OK
cacti.reportit_templates                           OK
cacti.reportit_variables                           OK
cacti.rra                                          OK
cacti.rra_cf                                       OK
cacti.settings
warning  : 1 client is using or hasn’t closed the table properly
status   : OK
cacti.settings_graphs                              OK
cacti.settings_tree                                OK
cacti.snmp_query                                   OK
cacti.snmp_query_graph                             OK
cacti.snmp_query_graph_rrd                         OK
cacti.snmp_query_graph_rrd_sv                      OK
cacti.snmp_query_graph_sv                          OK
cacti.superlinks_auth                              OK
cacti.superlinks_pages                             OK
cacti.thold_data                                   OK
cacti.thold_template                               OK
cacti.user_auth                                    OK
cacti.user_auth_perms                              OK
cacti.user_auth_realm                              OK
cacti.user_log                                     OK
cacti.version                                      OK
cacti.weathermap_auth                              OK
cacti.weathermap_data                              OK
cacti.weathermap_maps                              OK

Repairing tables
cacti.poller_output                                OK

After the repair I ran the poller.php script again with the --force option and this time I didn’t receive any errors and the graphs were updated again.

Afterwards I noticed that Cacti has a script of its own to repair the database. This script is called repair_database.php and can be found in the directory /var/www/html/cli/.
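
The check output above mixes single-line "OK" results with multi-line warning, note and error blocks. As an added example (not part of the original post), this shell/awk filter classifies each table and lists the ones that reported errors. The function names are assumptions of this example and the sample input is constructed in the same format.

```sh
#!/bin/sh
# Added example: classify every table in mysqlcheck output read from stdin.
# Prints "<state> <db.table>"; state is ok, note, warning or error.
classify_mysqlcheck() {
    awk '
        function flush() { if (tbl != "") print state, tbl }
        # The repair section repeats table names; ignore everything after it.
        stop { next }
        # Detail lines belong to the table named on the line above them.
        /^(warning|error|note|status|info) *:/ {
            if ($1 == "error") state = "error"
            else if ($1 == "warning" && state != "error") state = "warning"
            else if ($1 == "note" && state == "ok") state = "note"
            next
        }
        /^Repairing tables/ { flush(); tbl = ""; stop = 1; next }
        # Any other non-empty line starts a new table ("db.table [OK]").
        NF { flush(); tbl = $1; state = "ok" }
        END { flush() }
    '
}

# Tables that reported at least one error line, i.e. the repair candidates.
tables_with_errors() {
    classify_mysqlcheck | awk '$1 == "error" { print $2 }'
}

# Constructed sample, shortened, in the output format shown above.
sample_mysqlcheck_output() {
    cat <<'EOF'
cacti.cdef                                         OK
cacti.host
warning  : 2 clients are using or haven't closed the table properly
status   : OK
cacti.mac_track_ips
note     : The storage engine for the table doesn't support check
cacti.poller_output
warning  : Table is marked as crashed
error    : key delete-link-chain corrupted
error    : Corrupt
cacti.poller_time                                  OK

Repairing tables
cacti.poller_output                                OK
EOF
}

sample_mysqlcheck_output | classify_mysqlcheck
```

Run against a saved check log, tables_with_errors gives a short list to compare with the "Repairing tables" section, so a table that was flagged but never repaired stands out.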

Upgrading Cisco switch stack

December 15th, 2010 | No Comments

I always upgrade a switch stack with one single command. Last week I received a call from a customer with the question about the upgrade procedure for a switch stack. The customer wanted to upload the image separately to every single switch. I told him that he could upgrade all switches at once.

Since I am “playing” with a Cisco switch stack of 9 Catalyst 3750X switches today I will describe the upgrade procedure.

  1. You need to download the correct .tar image file;
  2. Copy it to the root of your FTP or TFTP server;
  3. Upload, extract and install the .tar file to the switches (I always use the /imageonly option, because I don’t need the html files for management);
  4. Reload the switch stack;

The command to upload and extract the .tar file can be found below:

sw-stack#archive download-sw /imageonly /overwrite /allow-feature-upgrade ftp://user:password@<IP address FTP server>/image-file.tar

Loading c3750e-universalk9-tar.122-55.SE1.tar !!!!!!!
[OK - 17745920/4096 bytes]

Loading c3750e-universalk9-tar.122-55.SE1.tar !!!!!!!
examining image…
extracting info (110 bytes)
extracting c3750e-universalk9-mz.122-55.SE1/info (444 bytes)
extracting info (110 bytes)

Stacking Version Number: 1.45

System Type:             0x00000002
Ios Image File Size:   0x00DE8200
Total Image File Size: 0x010ECA00
Minimum Dram required: 0x08000000
Image Suffix:          universalk9-122-55.SE1
Image Directory:       c3750e-universalk9-mz.122-55.SE1
Image Name:            c3750e-universalk9-mz.122-55.SE1.bin
Image Feature:         IP|LAYER_3|PLUS|SSH|3DES|MIN_DRAM_MEG=128

Old image for switch 1: flash:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 2: flash2:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 3: flash3:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 4: flash4:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 5: flash5:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 6: flash6:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 7: flash7:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 8: flash8:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.
Old image for switch 9: flash9:/c3750e-universalk9-mz.122-53.SE2
Old image will be deleted after download.

Extracting images from archive into flash…
Extracting images from archive into flash on switch 2…
Extracting images from archive into flash on switch 3…
Extracting images from archive into flash on switch 4…
Extracting images from archive into flash on switch 5…
Extracting images from archive into flash on switch 6…
Extracting images from archive into flash on switch 7…
Extracting images from archive into flash on switch 8…
Extracting images from archive into flash on switch 9…

extracting c3750e-universalk9-mz.122-55.SE1/c3750e-universalk9-mz.122-55.SE1.bin (14570585 bytes)
extracting c3750e-universalk9-mz.122-55.SE1/info (444 bytes)
extracting info (110 bytes)

<..>

Installing (renaming): `flash:update/c3750e-universalk9-mz.122-55.SE1' ->
`flash:/c3750e-universalk9-mz.122-55.SE1'
New software image installed in flash:/c3750e-universalk9-mz.122-55.SE1

<..>

Removing old image: flash:/c3750e-universalk9-mz.122-53.SE2
Removing old image: flash2:/c3750e-universalk9-mz.122-53.SE2
Removing old image: flash3:/c3750e-universalk9-mz.122-53.SE2
Removing old image: flash4:/c3750e-universalk9-mz.122-53.SE2

<..>

All software images installed.

The boot parameters are automatically changed to the new IOS firmware. You can check the boot parameters with the show boot command.

Cisco ASA: web interface not working

December 14th, 2010 | 1 Comment

I had to troubleshoot a Cisco ASA today, where the client wasn’t able to connect to the management web interface anymore via https. The customer didn’t install ASDM locally, but always starts the Java-based version.

After upgrading the Cisco ASA to software version 8.2(1) and a reboot, the client wasn’t able to connect to the web interface anymore. I was able to connect to the firewall with my locally installed ASDM client, but I couldn’t access the web interface either.

While troubleshooting I first tried the basic settings, like checking the management access-list, regenerating the crypto keys and changing the management port. None of these options helped, but the strange thing was that the web interface was working remotely.

While working with Mozilla I received the following error:

cannot communicate securely with peer: no common encryption algorithm(s).

In Google Chrome I received the following error:

Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.

And of course Internet Explorer didn’t give any usable information. I started looking at the supported encryption algorithms within the firewall with a show version. I noticed that VPN-3DES-AES was disabled. The next step was to enable the VPN-3DES-AES ciphers. The upgrade license for this feature is available for free at http://www.cisco.com/go/license.

I activated the VPN-3DES-AES feature, but still wasn’t able to connect to the firewall with the web interface. I checked the SSL encryption used by the firewall.

fw01# show ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled

The firewall still didn’t enable the ciphers supported in my browser. If the VPN-3DES-AES license isn’t installed, only the cipher des-sha1 is enabled by default. I added the correct ciphers with the following command:

fw01(config)# ssl encryption aes256-sha1 aes128-sha1 3des-sha1

After adding the command I was able to connect to the ASA with both the web interface and the ASDM.
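
As an added example (not from the original post), this shell/awk check reads saved show ssl output and reports the condition that caused the failure above, no AES cipher enabled, along with weak ciphers and legacy protocol versions still accepted. The function names, finding labels and weak-cipher list are assumptions of this example; the second sample is constructed from the ssl encryption command above.

```sh
#!/bin/sh
# Added example: audit saved `show ssl` output read from stdin.
# Prints one finding per line; prints nothing when no finding applies.
audit_asa_ssl() {
    awk '
        BEGIN {
            # Assumption of this example: ciphers treated as weak.
            n = split("des-sha1 rc4-md5 rc4-sha1 null-sha1", w, " ")
            for (i = 1; i <= n; i++) weak[w[i]] = 1
        }
        /^Accept connections using/ {
            # Only the part before "and negotiate" lists accepted versions.
            accept = $0; sub(/ and negotiate.*/, "", accept)
            if (accept ~ /SSLv2/) print "legacy-protocol SSLv2"
            if (accept ~ /SSLv3/) print "legacy-protocol SSLv3"
        }
        /^Enabled cipher order:/ {
            seen = 1
            for (i = 4; i <= NF; i++) {
                if ($i in weak) print "weak-cipher " $i
                if ($i ~ /^aes(128|256)-/) aes = 1
            }
        }
        # Without AES a current browser may find no cipher in common.
        END { if (seen && !aes) print "no-aes-cipher-enabled" }
    '
}

# Output as shown in the post, before the ssl encryption command.
asa_before() {
    cat <<'EOF'
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1
EOF
}

# Constructed sample: the same device after the ssl encryption command.
asa_after() {
    cat <<'EOF'
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: aes256-sha1 aes128-sha1 3des-sha1
Disabled ciphers: des-sha1 rc4-md5 rc4-sha1 null-sha1
EOF
}

echo "before:"; asa_before | audit_asa_ssl
echo "after:";  asa_after  | audit_asa_ssl
```

On the second sample the cipher findings clear, but the accepted protocol versions are still reported, because the ssl encryption command changes only the cipher list.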

Upgrade Cacti 0.8.x

August 18th, 2010 | 3 Comments

A lot of people use the CactiEZ virtual appliance to install a running Cacti environment. The latest CactiEZ virtual appliance (CactiEZ v0.6) uses Cacti v0.8.7c with Plugin Architecture 2.2. Of course a lot of people are developing Cacti and the latest stable version is Cacti v0.8.7g with Plugin Architecture 2.8.

I always have trouble with upgrading Cacti, because you have to take multiple steps and you shouldn’t forget one. This blog post helps, because it shows the steps to take for upgrading to the latest version of Cacti.

I always start by changing the default behavior of the cp command. By default, cp is aliased with the -i parameter, which makes the command interactive. The result of the -i parameter is an overwrite question before copying, as shown below.

cp: overwrite `/var/www/html/docs/html/data_input_methods.html'?

This behavior can be changed by deleting or commenting out the cp alias within /root/.bashrc. Don’t forget to log out and log in again.

Now we are ready to upgrade Cacti. Let’s go.

1. First you need to backup the current Cacti database;

mysqldump -l --add-drop-table cacti > cacti_sql_backup

2. Backup your current Cacti html directory;

mv /var/www/html /var/www/html.bak

3. Copy the new tarball to the target system and extract the tarball;

tar zxvf cacti-0.8.7g.tar.gz

4. Move the new files over the Cacti root directory;

mv /root/cacti-0.8.7g/ /var/www/html/

5. Edit include/config.php to include the correct database credentials and default session name;

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactiuser";
$database_port = "3306";

#$cacti_session_name = "CactiMadeEZ";

6. Copy the *.rrd files, scripts and XML files from the old Cacti directory;

cp /var/www/html.bak/rra/* /var/www/html/rra/.
cp -rfv /var/www/html.bak/scripts/* /var/www/html/scripts/
cp -rfv /var/www/html.bak/resource/* /var/www/html/resource/

7. Set the appropriate owner and permissions;

chown -R apache:apache /var/www/html

8. Go to the Cacti website and follow the on-screen instructions to upgrade the database;

9. Copy and extract the plugin architecture tarball, copy .diff file to the Cacti root directory and apply the patch;

tar zxvf cacti-plugin-0.8.7g-PA-v2.8.tar.gz
cp /root/cacti-plugin-arch/cacti-plugin-0.8.7g-PA-v2.8.diff /var/www/html/.
cd /var/www/html
patch -p1 -N < cacti-plugin-0.8.7g-PA-v2.8.diff

10. Change the file include/global.php to include the correct database credentials, default session name and the plugin list;

/* Default database settings*/
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactiuser";
$database_port = "3306";

/* Default session name - Session name must contain alpha characters */
$cacti_session_name = "CactiMadeEZ";

$plugins = array();
$plugins[] = 'settings';
<..>
$plugins[] = 'superlinks';

11. Copy the old plugins directory;

cp -rfv /var/www/html.bak/plugins/* /var/www/html/plugins/.

12. Go to Configuration – Plugin Management to install / enable your plugins. Install / enable the plugin loginmod to get your customized login page back.

Now the upgrade is ready and you are set to experience your freshly upgraded CactiEZ appliance.