main

Obvserve all the things


Today we will be installing observium on a centOS system with an apache webserver

Install the EPEL and RPMForge repo's if you havent already

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Now we can install the dependancys needed for the install

yum groupinstall 'development tools'
yum install wget httpd php php-mysql php-gd php-snmp php-posix vixie-cron php-mcrypt php-pear net-snmp net-snmp-utils graphviz subversion mysql-server mysql rrdtool fping ImageMagick jwhois nmap ipmitool php-pear.noarch MySQL-python

Now we can go ahead with installing observium

Change Directory to somewhere you feel approprate for the install. I have used /opt

cd /opt
wget http://www.observium.org/observium-community-latest.tar.gz
tar zxvf observium-community-latest.tar.gz

Change directory to the extracted folder

cd observium

We will come back to the rest of that setup after we create the database

This is if you have just installed the mysql server
you will need to set the root password
generate a nice password with

openssl rand -base64 12

Copy that password somewhere for now then start the mysql service

service mysqld start

and set the root password with

mysqladmin -u root password 'GENERATEDPASSWORDFROMABOVE'

Now this password is going to be a pain in the ass to remember so we can save this on the server so all you have to do to login is type mysql

Create a new a file called .my.cnf inside /root

nano /root/.my.cnf

Edit it to look like

[mysql]
user = root
password = GENERATEDPASSWORDFROMABOVE
host = localhost

save that and test the login using command mysql

This should chuck you straght into a mysql> prompt.

Ok now we can setup the observium database and user to connect to it with so exit from the mysql> prompt by typing the command \q

And generate another password with

openssl rand -base64 12

copy that somewhere and hop back into the mysql> prompt and type the following

CREATE DATABASE observium;
GRANT ALL PRIVILEGES ON observium.* TO 'observium'@'localhost' IDENTIFIED BY 'GENERATEDPASSWORD';

Again type \q

to exit from the prompt

back to the rest of the observium setup
Do

cp config.php.default config.php

and start editing these parts

//Database config

With the details you created above and then add

$config['geocoding']['enable'] = TRUE;
$config['geocoding']['api'] = 'mapquest';
$config['fping'] = "/usr/sbin/fping";

to the bottom of the file this sets up geolocation from mapquest and shows observium where to find the fping binary

We can now fill the database with the correct schema

php includes/update/update.php

We will now create a directory for apache to store infomation in

mkdir rrd
chown apache:apache rrd

Next we can configure our vhost's

<VirtualHost *:80>
	 DocumentRoot /opt/observium/html/
	 ServerName  observium.domain.com
	 CustomLog /opt/observium/logs/access_log combined
	 ErrorLog /opt/observium/logs/error_log
 <Directory "/opt/observium/html/">
	   AllowOverride All
	   Options FollowSymLinks MultiViews
 </Directory>
</VirtualHost>
<VirtualHost *:443>
	 DocumentRoot /opt/observium/html/
	 ServerName  observium.domain.com
	 CustomLog /opt/observium/logs/saccess_log combined
	 ErrorLog /opt/observium/logs/serror_log
	 SSLEngine on
	 SSLCertificateFile /etc/pki/tls/certs/YOURCERT.crt
	 SSLCertificateKeyFile /etc/pki/tls/private/YOURKEY.key
	 SSLCertificateChainFile /etc/pki/tls/certs/ca.crt
	 SSLCipherSuite AES256+EECDH:AES256+EDH
	 SSLProtocol All -SSLv2 -SSLv3
	 SSLHonorCipherOrder On
	  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
	  Header always set X-Frame-Options DENY
	  Header always set X-Content-Type-Options nosniff
 <Directory "/opt/observium/html/">
	  AllowOverride All
      Options FollowSymLinks MultiViews
 </Directory>
</VirtualHost>

You can omit the SSL config if you dont have any certs but it would be advisable seeing as you will have to login to the page and passwords in the clear is lame. Just use a self signed cert its better than nothing.

To generate a self signed cert first we will generate a key

openssl genrsa -des3 -out server.key 2048

Then a CSR

openssl req -new -key server.key -out server.csr

You can fill out the details as you wish theres nothing really important in there just make sure when asked for the common name you include the domain you wish to use for observium. Also dont use a passphrase thats just lame. Next sign the cert with

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Then copy the SSL certs to the paths you specified in the SSL vhosts

Ok now we can setup our Admin user for observium

cd /opt/observium
./adduser.php username superpassword 10

Setting up a client

On your client (the one you want to observe)
Install the needed dependancys

yum install net-snmp-utils net-snmp

Then make sure the service starts on boot with

chkconfig snmpd on
wget http://www.observium.org/svn/observer/trunk/scripts/distro
mv distro /usr/bin/distro
chmod +x /usr/bin/distro

Then open up /etc/snmp/snmpd.conf and delete all the config in there replace it with
com2sec readonly default YOURCOMMUNITYNAME
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation "US, Northern Virginia"
syscontact YOUR@EMAIL.COM
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro

The parts you need to edit are YOURCOMMUNITYNAME change this to some kind of secret. The syslocation directive needs to be in the format of two letter country, city name and change syscontact to your email. Next open udp port 161 in your firewall. And then start the service with

service snmpd start

Now its time to login to your observium page
under the devices drop down click add device add a resolvable domain on your server in the hostname section and then under the SNMPv1/v2c Configuration add the comunity name you added above then click add device. If all went well there should be no error messages. We can now finish off the server config
Do

cd /opt/observium
./discovery.php -h all && ./poller.php -h all

This will pull info from your latest added devices allow this to finish now we can add a cronjob to carry this out for us
open up /etc/crontab and add

33  */6   * * *   root    /opt/observium/discovery.php -h all >> /dev/null 2>&1
*/5 *	   * * *   root    /opt/observium/discovery.php -h new >> /dev/null 2>&1
*/5 *	   * * *   root    /opt/observium/poller-wrapper.py 1 >> /dev/null 2>&1

Save and close the file save these changes with

service crond reload

and then !TADA! you should be able to see all the infos give it a little while to populate all the graphs and enjoy

img