Suse Installation

NeDi on SLES11

SLES 11 base installation

by raider82

  • Boot from CD
  • Select language, keyboard and accept license
  • Skip checking the installation media
  • Choose “New Installation”
  • Select Time Zone
  • Choose scenario “Physical Machine” (also for virtual installation)
  • Change Software: remove graphical components (X-Window-System, Gnome), Print-Server and Web-based Enterprise manager; make sure you do not have a DHCP server installed; add Web and LAMP-Server
  • Install System
  • After reboot, enter root password
  • Enter hostname and domain information
  • Disable IPv6, enable HTTP, HTTPS and SSH access on the Firewall
  • Do not create CA and Certificate
  • Choose local passwords
  • Enter a user and password (e.g. nediusr)
  • Accept release notes
  • Do not configure printers
  • Finish installation

Preparations for NeDi

  • Install packages: perl-net-snmp, perl-net-telnet, php5-snmp, php5-gd, php5-mysql, perl-dbd-mysql, gd, rrdtool, perl-crypt-openssl-rsa, php5-dba, perl-IO-TTY (and the dependencies yast suggests)
  • Enable MySQL and Apache2 Services in yast: System -> System Services -> Runlevel
  • Set MySQL Password: mysqladmin -u root password
  • Create MySQL user for nedi: start the client with mysql -u root -p, then run: CREATE USER 'nedi'@'localhost' IDENTIFIED BY '<password>';
  • Create database for NeDi: create database nedi;
  • Grant access rights for new user to nedi database: grant all on nedi.* to 'nedi'@'localhost';
  • flush privileges;
  • Restart mysql (/etc/init.d/mysql restart)
  • Enable short_open_tag in php.ini (/etc/php5/apache): short_open_tag = On; then restart Apache (/etc/init.d/apache2 restart)

Prepare CPAN

  • General note: always use suggested default values; always follow packages, etc.
  • perl -MCPAN -e 'shell'
  • install CPAN
  • reload CPAN
  • install YAML
  • install Algorithm::Diff
  • install Net::Telnet::Cisco (skip tests)
  • quit

Install NeDi

  • Add NeDi user to “www” group in /etc/group
  • Download NeDi
  • Unpack: tar -xvzf nedi-xxx.tgz
  • Move to /var directory: mv nedi /var/nedi
  • cd /var
  • chown -R nediusr:www ./nedi
  • cd /var/nedi
  • Clear Web directory: rm /srv/www/htdocs/*
  • Copy html files to web directory: cp -r html/* /srv/www/htdocs
  • chown -R nediusr:www /srv/www/htdocs
  • Edit nedi.conf (database user, SNMP community, filter HP-UX|Linux, etc.)
  • Fill nedi database: ./nedi.pl -i (use root and password)
  • Link nedi.conf to /etc: ln -s /var/nedi/nedi.conf /etc
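
A check to run once nedi.conf has been edited and linked, as an added example that is not part of the original guide or of NeDi: it flags a world-readable nedi.conf, the well-known public/private SNMP communities, root as the database user, and a missing database password. The key names comm, dbuser and dbpass and the '#' / ';' comment markers are assumptions about the nedi.conf layout.

```shell
#!/bin/sh
# Added example, not part of NeDi. Assumed nedi.conf layout: "key value"
# lines separated by whitespace, keys comm / dbuser / dbpass, comments
# starting with '#' or ';'.

# conf_values FILE KEY: print the first value of every active KEY line.
# Commented lines never match because their first field is not KEY.
conf_values() {
    awk -v k="$2" '$1 == k { print $2 }' "$1"
}

# audit_nedi_conf FILE: print one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if FILE is unreadable.
audit_nedi_conf() {
    f=$1
    [ -r "$f" ] || { echo "UNREADABLE $f"; return 2; }
    findings=$(
        # The file holds the DB password and SNMP communities; after
        # "chown -R nediusr:www" only owner and group need read access.
        # -L follows the /etc/nedi.conf symlink to the real file.
        [ -n "$(find -L "$f" -prune -perm -004)" ] && echo "WORLD_READABLE"

        # Well-known community strings should not survive the edit step.
        for c in $(conf_values "$f" comm); do
            case $c in public|private) echo "DEFAULT_COMMUNITY $c" ;; esac
        done

        # The guide creates a dedicated 'nedi' MySQL user; root is only
        # needed once, for "./nedi.pl -i".
        [ "$(conf_values "$f" dbuser)" = root ] && echo "DBUSER_ROOT"
        # Missing or empty dbpass value.
        [ -z "$(conf_values "$f" dbpass)" ] && echo "EMPTY_DBPASS"
        true
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Audit a real file when a path is given: sh audit.sh /var/nedi/nedi.conf
if [ -n "${1:-}" ]; then audit_nedi_conf "$1"; fi
```

If WORLD_READABLE is reported, chmod 640 /var/nedi/nedi.conf keeps the file readable for nediusr and the www group only.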

Optional

Enable HTTPS

  • a2enmod ssl
  • a2enflag SSL
  • /usr/bin/gensslcert
  • Enable Virtual Server for HTTPS
  • cd /etc/apache2/vhosts.d
  • cp vhost-ssl.template vhost-ssl.conf
  • vi vhost-ssl.conf; add:
 <Directory "/srv/www/htdocs">
 Options None
 AllowOverride None
 Order allow,deny
 Allow from all
 </Directory>
  • Make a redirect from insecure protocol to HTTPS
  • Make a new directory for insecure connection: mkdir /srv/www/htdocs80
  • cd /srv/www/htdocs80
  • vi index.html:
<script type="text/javascript">// <![CDATA[
window.location.replace ('https://xyz');
// ]]></script>

vi /etc/apache2/default_server.conf:

  • Replace htdocs directory with htdocs80 directory everywhere
  • chown -R nediusr:www /srv/www/htdocs80
  • /etc/init.d/apache2 restart

Finalizing

  • Create different config files
  • Create seedlists
  • Enter cron jobs

Additional

MySQL

As in most other distros, SUSE installs MySQL without a root password, so if you have just installed it, set one with:

mysqladmin -u root password <mypassword>

And also check that the service starts at boot…

MIBS

snmpwalk is great, but download the Cisco MIBs to, for example, /usr/local/share/snmp/mibs/cisco so that you get readable output when going through Cisco-specific objects:

ftp://ftp.cisco.com/pub/mibs/v2/v2.tar.gz

Example:

snmpwalk -M /usr/local/share/snmp/mibs/cisco -m CISCO-CDP-MIB -v 1 -c public device cdpCacheTable

or

snmptable -M /usr/local/share/snmp/mibs/cisco -m CISCO-CDP-MIB -v 1 -c public device cdpCacheTable

One can also download MIBs from other suppliers and place them in their own directories.

syslog-ng

The default syslog daemon is syslog-ng, which does not listen for syslog messages on the network. This means that syslog.pl can listen for syslog without changing the “standard” syslog config.

Also, spoof_source doesn’t seem to have been enabled at compilation. This means one can’t have syslog-ng resend to syslog.pl unless one recompiles it from source.