Getting Started with rConfig on CentOS 7
I’ve been a long time user of RANCID for change management on network devices but frankly it’s always left me feeling a little bit of a pain to use and not particularly modern. I recently decided it was time for my OpenNMS/RANCID server to be rebuilt, moving OpenNMS up to a CentOS 7 installation and in doing so thought it was time to start looking around for a network device configuration management alternative. As is many times the way in the SMB space, this isn’t a task that actual budgetary dollars are going to go towards so off to Open Source land I went! rConfig immediately caught my eye, looking to me like RANCID’s hipper, younger brother what with its built in web GUI (through which you can actually add your devices), scheduled tasks that don’t require you to manually edit cron, etc. The fact that rConfig specifically targets CentOS as its underlying OS was just a whole other layer of awesomesauce on top of everything else.
While rConfig’s website has a couple of really nice guides once you create a site login and use it, much to my dismay I found that they hadn’t been updated for CentOS 7 and while working through them I found that there are actually some pretty significant differences that affect the setup of rConfig. Some differences are minor (no more iptables, it’s firewalld) but it seems httpd has had a bit of an overhaul. Luckily I was not walking the virgin trail and through some trial, error and most importantly Google I’ve now got my system up and running. In this post I’m going to walk through the process of setting up rConfig on a CentOS minimal install with network connectivity with hopes that 1) it may help you, the two readers I’ve got, and 2) when I inevitably have to do this again I’ll have documentation at hand.
Before we get into it I will say there are a few artistic licenses I’ve taken with rConfig’s basic setup.
- I’ll be skipping over the network configuration portion of the basic setup guide. CentOS 7 has done a great job of having a single configuration screen at install where you set up your networking among other things.
- The system is designed to run on MySQL but for a variety of reasons I prefer MariaDB. The portions of the creator’s config guide that deal with these components are different from what you see here but will work just fine if you do them the way described.
- I’m a virtualized kind of guy so I’ll be installing the newly supported open-vm-tools as part of the config guide. Of course, if you aren’t installing on ESXi you won’t be needing these.
Finally, before proceeding please be sure to go ahead and run a yum update to make sure everything’s up to date and you really do have connectivity.

Disabling Stuff
Even with the minimal installation there are things you need to stop to make things work nice, namely the security measures. If you are installing this in the wild this would be a serious no-no, but for a smaller shop behind a well configured firewall it should be ok.
vi /etc/sysconfig/selinux
Once in the file you need to change the “SELINUX=enforcing” line to “SELINUX=disabled”. To do that hit “i” and then use vi like notepad with the arrow keys. When done hit Esc to exit insert mode and “:wq” to save and exit.
systemctl disable firewalld.service
systemctl stop firewalld.service

Installing the Prerequisites
Since we did the minimal install there are lots of things we need to install. If you are root on the box you should be able to just cut and paste the following into the CLI and everything gets installed. As mentioned in the original Basic Config Guide, you will probably want to cut and paste each line to make sure everything gets installed smoothly.
yum install -y wget mlocate attr open-vm-tools
yum -y install httpd openssl-devel openssl mod_ssl vsftpd
yum -y groupinstall 'Development Tools'
yum -y install telnet bind-utils
yum -y install vixie-cron crontabs
yum -y install mariadb-client mariadb-server mod_authn_dbd mariadb-devel

Autostart Services
Now that we’ve installed all that stuff it does us no good if it isn’t running. CentOS 6 used the command chkconfig on|off to control service autostart. In CentOS 7 all service manipulation is now done under the systemctl command. Don’t worry too much: if you use chkconfig or service start, both will still alias to the correct commands at this point.
systemctl enable ntpd.service
systemctl start ntpd.service
systemctl enable httpd.service
systemctl start httpd.service
# The MariaDB packages register the unit as mariadb.service (the name checked with systemctl status further down)
systemctl enable mariadb.service
systemctl start mariadb.service
systemctl enable vsftpd.service
systemctl start vsftpd.service
systemctl enable crond.service
systemctl start crond.service

Finalize Disable of SELinux
One of the hard parts for me was getting step 5/6 in the build guide to work correctly. If you don’t do it the install won’t complete, but it also doesn’t work right out of the box. To fix this the first line in prerequisites installs the attr package which contains the setfattr executable. Once that’s installed the following checks to see if the ‘.’ is still in the root directory’s ACLs and removes it from the /home directory. By all means if you know of a better way to accomplish this (I thought of putting the install in the /opt directory) please let me know in the comments or on Twitter.
cd /
ll | grep home
**output** drwxr-xr-x. 2 root root 4096 Sep 23 2011 home
find /home -print0 | xargs -0 -n 1 sudo setfattr -h -x security.selinux

MySQL Secure Installation on MariaDB
MariaDB accepts any commands you would normally use with MySQL. The mysql_secure_installation script is a great way to go from baseline to well secured quickly and is installed by default. The script is designed to:
- Set root password
- Remove anonymous users
- Disallow root logon remotely
- Remove test database and access to it
- Finally reload the privilege tables
I tend to take all of the defaults with the exception that I allow root login remotely for easier management. Again, this would be a very bad idea for databases with external access.
#Verify that MariaDB is running
systemctl status mariadb.service
**output** mariadb.service – MariaDB database server
**output** Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled)
**output** Active: active (running) since
mysql_secure_installation
Then follow the prompts from there.
As a follow up you may want to allow remote access to the database server for management tools such as Navicat or Heidi SQL. To do so enter the following where X.X.X.X is the IP address you will be administering from. Alternatively you can use root@'%' to allow access from anywhere.
mysql -u root -p
***output*** password:
mysql> GRANT ALL ON *.* to root@'X.X.X.X' IDENTIFIED BY 'your-root-password';
mysql> FLUSH PRIVILEGES;
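To see which accounts ended up reachable from other hosts after a grant like the one above, this added example (not part of the original post) classifies each user@host row by its host part. The sample rows are constructed, and 192.0.2.10 is a placeholder standing in for X.X.X.X.

```shell
#!/usr/bin/env bash
# Added example: classify MariaDB accounts by the host part of user@host.
# Real input would come from:
#   mysql -u root -p -N -B -e "SELECT user, host FROM mysql.user"
# which prints tab-separated "user<TAB>host" rows.

classify_accounts() {
    awk -F'\t' '
        NF < 2 { next }                          # skip blank or malformed rows
        {
            user = ($1 == "") ? "(anonymous)" : $1
            host = $2
            if (host == "localhost" || host == "127.0.0.1" || host == "::1")
                kind = "LOCAL"                   # only reachable from the server itself
            else if (index(host, "%") || index(host, "_") || index(host, "/"))
                kind = "WILDCARD"                # pattern or netmask: many client hosts
            else
                kind = "FIXED-REMOTE"            # exactly one remote host
            printf "%-12s %s@%s\n", kind, user, host
        }'
}

# Constructed sample rows; 192.0.2.10 is a placeholder for X.X.X.X.
sample_rows() {
    printf 'root\tlocalhost\n'
    printf 'root\t127.0.0.1\n'
    printf 'root\t::1\n'
    printf '\tlocalhost\n'
    printf 'root\t192.0.2.10\n'
    printf 'root\t%%\n'
}

sample_rows | classify_accounts
```

A WILDCARD line for root is what the root@'%' variant produces; the X.X.X.X form shows up as FIXED-REMOTE.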
Configure VSFTPd FTP Software
# Install VSFtpd and configure it
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original
echo "#Custom rConfig VSFTPD conf file" > /etc/vsftpd/vsftpd.conf;
echo "anonymous_enable=NO" >> /etc/vsftpd/vsftpd.conf;
echo "listen=YES" >> /etc/vsftpd/vsftpd.conf;
echo "local_enable=YES" >> /etc/vsftpd/vsftpd.conf;
echo "write_enable=YES" >> /etc/vsftpd/vsftpd.conf;
echo "local_umask=022" >> /etc/vsftpd/vsftpd.conf;
echo "dirmessage_enable=YES" >> /etc/vsftpd/vsftpd.conf;
echo "xferlog_enable=YES" >> /etc/vsftpd/vsftpd.conf;
echo "connect_from_port_20=YES" >> /etc/vsftpd/vsftpd.conf;
echo "xferlog_std_format=YES" >> /etc/vsftpd/vsftpd.conf;
echo "pam_service_name=vsftpd" >> /etc/vsftpd/vsftpd.conf;
echo "userlist_enable=YES" >> /etc/vsftpd/vsftpd.conf;
echo "tcp_wrappers=YES" >> /etc/vsftpd/vsftpd.conf;
echo "idle_session_timeout=600" >> /etc/vsftpd/vsftpd.conf;
echo "data_connection_timeout=120" >> /etc/vsftpd/vsftpd.conf;
echo "ftpd_banner=Welcome to the FTP Service" >> /etc/vsftpd/vsftpd.conf;
echo "ls_recurse_enable=YES" >> /etc/vsftpd/vsftpd.conf;
systemctl enable vsftpd.service
# vsftpd was already started in the Autostart step, so restart it to load the new config
systemctl restart vsftpd.service
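With firewalld stopped, every service bound to a non-loopback address is reachable from the network. This added example (not from the original post or from rConfig) reduces ss -tln output to the exposed ports and labels the ones this guide starts. The port-to-service mapping assumes default ports, and the sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example: list TCP ports listening on non-loopback addresses.
# On the server itself, run:  ss -tln | exposed_listeners

exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }                  # skips the header line too
        {
            ep = $4                              # Local Address:Port column
            n = split(ep, parts, ":")
            port = parts[n]                      # text after the last colon
            addr = substr(ep, 1, length(ep) - length(port) - 1)
            # Loopback-only listeners are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            svc = "other"
            if (port == 21) svc = "vsftpd"       # assumed default ports
            else if (port == 80 || port == 443) svc = "httpd"
            else if (port == 3306) svc = "mariadb"
            if (!seen[port]++) print port, svc   # one line per port (IPv4 + IPv6)
        }' | sort -n
}

# Constructed sample in the layout ss -tln prints; not captured from a real host.
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128                *:80                 *:*
LISTEN     0      32                 *:21                 *:*
LISTEN     0      50                 *:3306               *:*
LISTEN     0      128                *:22                 *:*
LISTEN     0      100        127.0.0.1:25                 *:*
LISTEN     0      128               :::80                :::*
LISTEN     0      128               :::443               :::*
LISTEN     0      100              ::1:25                :::*
EOF
}

sample_ss | exposed_listeners
```

Anything in the list that only needs to be reached from the box itself, or from one admin workstation, is a candidate for a bind-address or listen-address restriction.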
Now that we’ve got the basics of setting up the OS and the underlying applications out of the way let’s get to the business of setting up rConfig for the first time. First we need to edit the sudoers file to allow the apache account access to various applications. Begin editing the sudoers file with the visudo command, arrow your way to the bottom of the file and enter the following:
apache ALL = (ALL) NOPASSWD: /usr/bin/crontab, /usr/bin/zip, /bin/chmod, /bin/chown, /usr/bin/whoami
Defaults:apache !requiretty

rConfig Installation
First you are going to need to download the rConfig zip file from their website. Unfortunately the website doesn’t seem to work with wget so you will need to download it to a computer with a GUI and then upload it via SFTP to your rConfig server. (ugh) Once the file is uploaded to your /home directory, go back to your server CLI and run the following commands:
cd /home
unzip rconfig-3.0.3.zip #3.0.3 is the latest version at time of writing, this may differ for you.
chown -R apache /home/rconfig
Next we need to copy the httpd.conf file over to the /etc/httpd/conf directory. This is where I had the most issues of all in that the conf file included is for httpd in CentOS 6 and there are some module differences between 6 and 7. Attached here is a modified version that I was able to get working successfully after a bunch of failures. The file found here (httpd.txt) will need to replace the existing httpd.conf before the webapp will successfully start. If the file is copied to the /home/rconfig directory the shell commands would be:
mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.original
cp /home/rconfig/httpd.txt /etc/httpd/conf/httpd.conf
# httpd is already running from the Autostart step, so restart it to pick up the new config
systemctl restart httpd.service
As long as the httpd service starts back up correctly you should now be good to go with the web portion of the installation which is pretty point and click. Again for the sake of brevity just follow along at the rConfig installation guide starting with section rConfig web installation and follow along to the end. We’ll get into setting up devices in a later post, but it is a pretty simple process if you are used to working with networking command lines.