Connecting the world…

cactiez

Upgrade Cacti 0.8.x

A lot of people use the CactiEZ virtual appliance to install a running Cacti environment. The latest CactiEZ virtual appliance (CactiEZ v0.6) uses Cacti v0.8.7c with Plugin Architecture 2.2. Of course a lot of people are developing Cacti and the latest stable version is Cacti v0.8.7g with Plugin Architecture 2.8.

I always have trouble with upgrading Cacti, because you have to take multiple steps and you shouldn’t forget one. This blog post helps, because it shows the steps to take for upgrading to the latest version of Cacti.

I always start with changing the default behavior of the cp command. The command default adds the parameter –i, which creates an interactive command. The result of the –i parameter is an overwrite question before copying, like shown below.

cp: overwrite `/var/www/html/docs/html/data_input_methods.html’?

This behavior can be changed by deleting or commenting out the cp-alias within /root/.bashrc. Don’t forget to logout and login again.

Now we are ready to upgrade Cacti. Let’s go.

1. First you need to backup the current Cacti database;

mysqldump -l –add-drop-table cacti > cacti_sql_backup

2. Backup your current Cacti html directory;

mv /var/www/html /var/www/html.bak

3. Copy the new tarball to the target system and extract the tarball;

tar zxvf cacti-0.8.7g.tar.gz

4. Move the new files over the Cacti root directory;

mv /root/cacti-0.8.7g/ /var/www/html/

5. Edit include/config.php to include the correct database credentials and default session name;

$database_type = “mysql”;
$database_default = “cacti”;
$database_hostname = “localhost”;
$database_username = “cactiuser”;
$database_password = “cactiuser”;
$database_port = “3306”;

#$cacti_session_name = “CactiMadeEZ”;

6. Copy the *.rrd files, scripts and XML files from the old Cacti directory;

cp /var/www/html.bak/rra/* /var/www/html/rra/.
cp -rfv /var/www/html.bak/scripts/* /var/www/html/scripts/
cp -rfv /var/www/html.bak/resource/* /var/www/html/resource/

7. Set the appropriate owner and permissions;

chown –R apache:apache /var/www/html

8. Go the the Cacti website and follow the screen instructions to upgrade the database;

9. Copy and extract the plugin architecture tarball, copy .diff file to the Cacti root directory and apply the patch;

tar zxvf cacti-plugin-0.8.7g-PA-v2.8.tar.gz
cp /root/cacti-plugin-arch/cacti-plugin-0.8.7g-PA-v2.8.diff /var/www/html/.
cd /var/www/html
patch -p1 –N < cacti-plugin-0.8.7g-PA-v2.8.diff

10. Change the file include/global.php to include the correct database credentials, default session name and the plugin list;

/* Default database settings*/
$database_type = “mysql”;
$database_default = “cacti”;
$database_hostname = “localhost”;
$database_username = “cactiuser”;
$database_password = “cactiuser”;
$database_port = “3306”;

/* Default session name – Session name must contain alpha characters */
$cacti_session_name = “CactiMadeEZ”;

$plugins = array();
$plugins[] = ‘settings’;
<..>
$plugins[] = ‘superlinks’;

11. Copy the old plugins directory;

cp -rfv /var/www/html.bak/plugins/* /var/www/html/plugins/.

12. Go to Configuration – Plugin Management to install / enable your plugins. Install / enable the plugin loginmod to get your customized login page back.

Now the upgrade is ready and you are set to experience your freshly upgraded CactiEZ appliance.

Step-by-step guide: SwitchMap under CactiEZ

Switchmap is a Perl program that creates HTML pages that show information about a set of Cisco Ethernet switches. It uses SNMP to gather data from the switches. Normally I install Switchmap in conjunction with CactiEZ and every time I am struggling to get Switchmap to work perfectly.

During another installation I wrote this step-by-step guide to configure switchmap correctly. This step-by-step guide is based on switchmap version 11.19. At first you have to download switchmap, extract it to the /var/www/html directory and rename the folder.

tar zxvf switchmap-11.19.tar.gz
mv switchmap-11.19 switchmap

Switchmap depends on multiple Perl modules, so install the necessary modules.

perl -MCPAN -e shell
install Log::Log4perl
install Module::Build
install Net::SNMP
install Log::Dispatch::Screen

Make sure your routers and Catalyst switches are configured to speak SNMP.

snmp-server community read4switchmap RO

Now you have to define your site-specific variables in ThisSite.pm. I changed the following parameters.

@routers = ();
push @routers, ‘10.62.4.2’;

@LocalSwitches = ();
push @LocalSwitches, ‘10.62.4.2’;

$Community = ‘read4switchmap’;

$DnsDomain = ‘.booches.nl’;

$DestinationDirectory = ‘/var/www/html/switchmap’;

$DestinationDirectoryRoot = ‘/switchmap’;

$StateFileDirectory = ‘/var/www/html/switchmap’;

Change the configfile variable in index.php to the following:

$configfile=’/var/www/html/switchmap/ThisSite.pm’;

Switchmap has the option to search for IP addresses and MAC addresses, but you have to alter the configuration to get this functionality working. First change the following in FindOffice.pl.

use lib ‘/var/www/html/switchmap’;

Change the configuration of the web server to allow it to run CGI files from the switchmap directory. I added the following lines above the existing ScriptAlias in /etc/httpd/conf/httpd.conf.

ScriptAlias /cgi/ “/var/www/html/switchmap/”

<Directory “/var/www/html/switchmap”>
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

Edit SearchPortLists.html and change the following lines.

<link href=”/switchmap/SwitchMap.css” rel=”stylesheet”>

<form method=GET action=”/cgi/FindOffice.pl”>

Change the rights on the files FindOffice.pl and ThisSite.pm

chmod 777 FindOffice.pl
chmod 777 ThisSite.pm

Now you can test run your installation by executing the following 3 commands:

perl GetArp.pl
perl ScanSwitch.pl
perl SwitchMap.pl

When the commands are executed you can point your browser to:

http://<cacti-url>/switchmap/index.html

and you should have a working Switchmap configuration.

The last step is configuring a cron job to schedule switchmap. Change the cron configuration using the command

crontab –e

and add the following lines.

44 * * * * perl /var/www/html/switchmap/ScanSwitch.pl
49 * * * * perl /var/www/html/switchmap/GetArp.pl
05 14 * * * perl /var/www/html/switchmap/SwitchMap.pl

You are good to go!! I hope this step-by-step guides makes my life (and hopefully also your life) a bit easier when installing a new Switchmap under CactiEZ.

IPplan – IP address management

A lot of customers have different methods for their IP address management. Most of them use some kind of static documentation, like an Excel sheet. In the past I implemented IPplan multiple times. I like this tool, because it dynamically scans multiple IP subnets, using ICMP and/or Nmap. Another advantage of IPplan is its ability to perform hostname lookups.

Often I install IPplan on an active management system, like CactiEZ. The following howto shows the steps to implement IPplan under CactiEZ.

The first step is downloading the appropriate tar.gz file and extract his file in /var/www/html, like shown below.

tar zxvf ipplan-4.92a.tar.gz

Next I change the ownership and permissions of the ipplan directory.

chown –R apache:apache ipplan
chmod –R 750 ipplan

After changing the permissions I create the necessary database for ipplan.

mysql –u root –p
mysql> create database ipplan;

This creates a database called ipplan. Now we need to create a user with the appropriate permissions for the ipplan database.

mysql> GRANT SELECT,INSERT,UPDATE,DELETE on ipplan.* \
    -> TO ipplan@localhost IDENTIFIED by ‘password’;

You can change the value ‘password’ to a password you wish. Change the credentials, configured in the previous step, in the file called config.php.

Open a web browser and point it to the installation script in the admin directory (http://ip-address/ipplan/admin/install.php). You will be prompted to create the database schema. The user created above does not have enough permissions to create tables so you will need to either copy the statements into the database, or temporarily change the database password in the config.php file to a database user that has enough rights to do this. You could be asked to enter user credentials for the website. This user credentials can be found in config.php.

I always load the statements by copying the display output from the install.php script into a file (ipplan.sql) and then executing the file using mysql statements.

mysql –u root –p ipplan < ipplan.sql

The basic installation is now complete. We will now go ahead and create a private menu. Open the file config.php and find the section START OF MENU EXTENSION. Change this section into the following to create a private menu.

// private menu extensions to the ipplan menu system
define(“MENU_PRIV”, TRUE);
define(“MENU_EXTENSION”,
“.|4IP
..|Show used area’s|http://<ip address>/ipplan/user/modifyarearange.php?cust=1
..|Show used subnets|http://<ip address>/ipplan/user/treeview.php
..|Create new subnets|http://<ip address>/ipplan/user/createsubnetform.php
..|Edit subnets|http://<ip address>/ipplan/user/modifybaseform.php

);

The IPplan poller needs to be added to the crontab configuration. The IPplan poller uses a custom file to know which IP addresses the scan. I normally create a .txt file. The following output show the syntax for the .txt file.

172.22.2.0/24
10.10.0.0/22

I configure the poller to run every day at 9, 12 and 15. You can edit the crontab with the command:

crontab –e

# Crontab for IPplan poller
0 9,12,15 * * * php /var/www/html/ipplan/contrib/ipplan-poller.php -hostnames -c 1 -f /var/www/html/ipplan/4IP-Networks.txt

There is one last step to take. When you manually execute the command above, you will receive the following error message:

Cannot find NMAP!

The last step is to install NMAP and configure its location in config.php. CactiEZ uses yum to install packages. So I use the following command to install nmap.

yum install nmap

Nmap can be found in the directory /usr/bin/. Look for the nmap section in config.php and change the nmap configuration to the following.

//define(“NMAP”, ”);
define(“NMAP”, ‘/usr/bin/nmap’);

The rest of the configuration needs to be done through the web interface. My advise is to configure some user groups and users, before adding subnets to IPplan. You can also change more settings in config.php to match it to your own environment, like the e-mailserver and helpdesk e-mail address.

Sometimes you receive Fatal error: require_once(): Failed opening required ‘../adodb/adodb.inc.php’ message. I resolved this issue by changing line 42 & 43 in ipplan-poller.php from:

require_once(“../adodb/adodb.inc.php”);
require_once(“./config.php”);

to

require_once(“/var/www/html/ipplan/adodb/adodb.inc.php”);
require_once(“/var/www/html/ipplan/config.php”);

This should solve the problem.

Cacti, easy going

A decent management server is very important in a network, at least that is my opinion. The most important aspect of a management server is its user friendliness. Our customers are most of the time busy with their own problems and the problems of end users, which include all kind of (silly) problems. So the most of them don’t have a lot of time to spend on configuring a management server.

That is why I like Cacti and especially CactiEZ. CactiEZ is a software appliance, which is up and running in half an hour. After that you just add some devices and you can generate some nice bandwidth statistics with the help of RRDTool. I have also seen a lot of other management servers, like Nagios, HP OpenView and Cisco Works, but the most of them are hard to configure and end up as mp3 player…..

When I configure a management server only for network components like switches, routers and/or firewalls, I always use CactiEZ. It is easy to install and gives me all the things I need. The most important options of Cacti for me are: bandwidth statistics, syslog messages, flow view, mac tracking, reporting and so one. Especially if you combine Cacti(EZ) with SwitchMap, you have a nice, easy to use and robust management server for your network.