Various Ways to Determine Public IP on Linux CLI

When you work a lot in a CLI environment, Linux in particular, you will often want to know the host's public IP address, especially when it runs in a NAT environment. Here is a list of commands that you can use to determine the public IP of your host from the command line.

Using curl

cURL is available on almost all Linux distributions and is the most popular way to determine the public IP address of a host. You just need to know a URL or host that will respond with the correct public IP, as below:

$ curl ifconfig.me
52.74.127.152
 
$ curl ipecho.net/plain
52.74.127.152
 
$ curl ident.me
52.74.127.152
 
$ curl icanhazip.com
52.74.127.152
 
$ curl bot.whatismyipaddress.com
52.74.127.152
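
The commands above fetch over plain HTTP and print whatever the remote side returns, so a script that consumes the result should validate it first. The following is an added example, not part of the original post: it accepts a reply only if it parses as an IPv4 address and at least two services agree. The function names are hypothetical, and HTTPS support on the three hosts is an assumption.

```bash
#!/bin/sh
# Added example: validate and cross-check "what is my IP" replies.

# is_ipv4 STRING: succeeds only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;   # stray chars, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# consensus_ip REPLY...: prints the address when at least two valid replies
# agree and no valid reply disagrees. Invalid replies (error pages, captive
# portal HTML, empty output) are ignored rather than trusted.
consensus_ip() {
    agreed=""
    votes=0
    for resp in "$@"; do
        ip=$(printf '%s' "$resp" | tr -d ' \t\r\n')
        is_ipv4 "$ip" || continue
        if [ -z "$agreed" ]; then
            agreed=$ip
        elif [ "$ip" != "$agreed" ]; then
            return 1                           # services disagree
        fi
        votes=$((votes + 1))
    done
    [ "$votes" -ge 2 ] && printf '%s\n' "$agreed"
}

# fetch_public_ip: queries three of the services listed above. Using https://
# here is an assumption; -4 forces IPv4 so the replies are comparable.
fetch_public_ip() {
    consensus_ip \
        "$(curl -4 -fsS --max-time 5 https://ifconfig.me 2>/dev/null)" \
        "$(curl -4 -fsS --max-time 5 https://ident.me 2>/dev/null)" \
        "$(curl -4 -fsS --max-time 5 https://icanhazip.com 2>/dev/null)"
}

# Offline demo with constructed replies: two agree, one is an HTML page.
consensus_ip "52.74.127.152" "52.74.127.152" "<html>portal login</html>"
```

Call fetch_public_ip from a script and treat a non-zero exit status as "unknown" instead of using a partial answer.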

Using wget

Basically, any command executed with curl can be replaced with wget and the -qO- option, as below:

$ wget -qO- http://ipecho.net/plain
52.74.127.152

Using Lynx

Lynx is a text-based browser which runs inside your CLI:

$ lynx checkip.dyndns.org # you will be redirected to a text-based browser

If you have a simpler method than those mentioned here, please share it. I can’t imagine how simple it would be!

 

CentOS 6: Install Remote Logging Server (rsyslog)

In my office network, we have a lot of small devices like routers and switches in our environment. My boss wants me to have a report on all of our network devices for auditing purposes. To accomplish this objective, I need to have a server which runs as a logging server, accepting various types of logs from several devices. This method will ease my audit trail by keeping it in one centralized location.

I will use my development server, which runs on CentOS, to receive logs from my Mikrotik router, 192.168.0.1, as in the picture below:

rsyslog

I am using following variables:

Rsyslog OS: CentOS 6.0 64bit
Rsyslog Server IP: 192.168.0.160
Router hostname: router.mynetwork.org
Router IP: 192.168.0.1

Rsyslog Server

1. Install Rsyslog package:

$ yum install rsyslog -y

2. Make sure you have the following lines uncommented in /etc/rsyslog.conf:

$ModLoad imuxsock.so
$ModLoad imklog.so
 
$ModLoad imudp.so
$UDPServerRun 514
 
$ModLoad imtcp.so
$InputTCPServerRun 514
 
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 
*.info;mail.none;authpriv.none;cron.none /var/log/messages
 
authpriv.* /var/log/secure
 
mail.* -/var/log/maillog
 
cron.* /var/log/cron
 
*.emerg *
 
uucp,news.crit /var/log/spooler
 
local7.* /var/log/boot.log
 
$AllowedSender TCP, 127.0.0.1, 192.168.0.0/24
$AllowedSender TCP, 192.168.0.1

3. We need to add the following rule to /etc/rsyslog.conf so that logs received from the router are written to a file called /var/log/router.log:

:fromhost-ip,isequal,"192.168.0.1"                      /var/log/router.log

There are a lot of options you can use to define your remote logging rules; you can refer to this page: http://www.rsyslog.com/doc/property_replacer.html

4. Open firewall port 514 on TCP and UDP:

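# -I inserts the rules at the top of INPUT; with -A they would land after the
# REJECT rule that ends the stock CentOS 6 INPUT chain and never match
$ iptables -I INPUT -m tcp -p tcp --dport 514 -j ACCEPT
$ iptables -I INPUT -m udp -p udp --dport 514 -j ACCEPT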

5. Restart the Rsyslog daemon to apply the configuration:

$ service rsyslog restart

6. We also need to rotate this log file so it will not eat up the server’s disk space. Create a new text file called router under the /etc/logrotate.d/ directory:

$ vim /etc/logrotate.d/router

And add the following lines:

/var/log/router.log
{
    daily
    rotate 5
    missingok
    notifempty
    sharedscripts
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

Router (Rsyslog Client)

1. Mikrotik routers support remote logging. I just need to log in to Winbox > System > Logging and configure Actions as in the screenshot below:

log1

2. Next, we need to create rules for which logging levels we want to be sent to the rsyslog server. Go to Winbox > System > Logging and configure Rules as in the screenshot below:

log2

Testing

Now the router should send its logs remotely to the rsyslog server, and we can check the router logs by running the following command:

$ tail -f /var/log/router.log
 
Jan 8 17:23:28 192.168.0.1 system,info log action changed by admin
Jan 8 17:26:09 192.168.0.1 system,info filter rule changed by admin
Jan 8 17:26:09 192.168.0.1 system,info filter rule changed by admin
Jan 8 17:26:23 192.168.0.1 system,info PPP AAA settings changed by admin
Jan 8 17:26:40 192.168.0.1 system,info L2TP Server settings changed by admin
Jan 8 17:26:49 192.168.0.1 system,info filter rule changed by admin
Jan 8 17:26:50 192.168.0.1 system,info filter rule changed by admin
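
For the audit report that motivated this setup, the change events in /var/log/router.log can be summarised per user and checked against the accounts expected to make changes. This is an added example, not part of the original post; it assumes the line layout shown in the sample output above, and the function names, the allow-list and the last sample line (user tempuser) are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit summary of router change events in /var/log/router.log.

# Sample input. The first seven lines are the sample output shown above; the
# last line is constructed to show an account that is not on the allow-list.
sample_router_log() {
    cat <<'EOF'
Jan 8 17:23:28 192.168.0.1 system,info log action changed by admin
Jan 8 17:26:09 192.168.0.1 system,info filter rule changed by admin
Jan 8 17:26:09 192.168.0.1 system,info filter rule changed by admin
Jan 8 17:26:23 192.168.0.1 system,info PPP AAA settings changed by admin
Jan 8 17:26:40 192.168.0.1 system,info L2TP Server settings changed by admin
Jan 8 17:26:49 192.168.0.1 system,info filter rule changed by admin
Jan 8 17:26:50 192.168.0.1 system,info filter rule changed by admin
Jan 8 23:41:12 192.168.0.1 system,info filter rule changed by tempuser
EOF
}

# summarize_changes FILE
# Prints "count<TAB>user<TAB>object changed", most frequent first.
summarize_changes() {
    awk '
        # Layout: Mon D HH:MM:SS host topics message...
        # awk splits on runs of blanks, so a padded day ("Jan  8") also works.
        / changed by [^ ]+$/ {
            user = $NF
            what = ""
            # The object name sits between the topics field and "changed by".
            for (i = 6; i <= NF - 3; i++)
                what = what (what == "" ? "" : " ") $i
            count[user "\t" what]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2
}

# unexpected_admins FILE USER...
# Prints change events made by any account that is not in the USER list.
unexpected_admins() {
    file=$1
    shift
    awk -v allowed=" $* " '
        / changed by [^ ]+$/ && index(allowed, " " $NF " ") == 0 { print }
    ' "$file"
}

# Demo on the embedded sample; on the server pass /var/log/router.log instead.
log=$(mktemp)
sample_router_log > "$log"
summarize_changes "$log"
unexpected_admins "$log" admin
rm -f "$log"
```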

 

 

cPanel with CentOS 6 as Internet Gateway

I am going to install a web server running on cPanel with several database servers connected only from the internal network (192.168.10.0/24). Since I need to run some yum installations on every box, I need to have internet access on each of the backend servers.

My problem is that I have only 1 public IP provided by my ISP. I have no choice but to add another role to my cPanel box running on CentOS 6.3, making it an internet gateway so my database servers can have an internet connection during this deployment phase.

The following picture explains the architecture that I am going to use:

Web Server (cPanel)

1. Since this server is going to be a gateway, we must enable IP forwarding in the kernel. Open /etc/sysctl.conf and change the following value:

net.ipv4.ip_forward = 1

2. Save the file and run the following command to apply the changes:

$ sysctl -p

3. Let's clear the iptables rules first, as we are going to add different rules later:

$ iptables -F

4. We need to enable IP masquerading on the interface facing the internet, which in my case is eth0. We also need to accept all connections from/to the internal network (192.168.10.0/24):

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ iptables -A FORWARD -d 192.168.10.0/24 -j ACCEPT 
$ iptables -A FORWARD -s 192.168.10.0/24 -j ACCEPT

5. Save the rules:

$ service iptables save
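
After steps 3 and 4 the FORWARD chain accepts any packet addressed to 192.168.10.0/24, including new connections arriving on eth0. The check below is an added example, not part of the original post: it reads the FORWARD part of iptables-save output and flags ACCEPT rules that neither match connection state nor pin an internal inbound interface, shown against the page's rules and a tightened variant. The internal interface name eth1, the ACCEPT default policy in the first sample and both sample rulesets are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: check the FORWARD chain of the NAT gateway.

# Constructed sample: FORWARD lines as iptables-save would print them after
# steps 3 and 4, assuming the chain's default policy is ACCEPT.
page_forward_rules() {
    cat <<'EOF'
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.10.0/24 -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -j ACCEPT
EOF
}

# Constructed sample: tightened variant. Replies come back in only for
# connections the internal hosts opened; eth1 (internal NIC) is an assumption.
hardened_forward_rules() {
    cat <<'EOF'
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.10.0/24 -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -i eth1 -o eth0 -j ACCEPT
EOF
}

# audit_forward WAN_IF   (iptables-save output on stdin)
# Flags a default policy other than DROP, and every ACCEPT rule that has no
# state/conntrack match while accepting from the WAN side or from any
# interface. Returns non-zero when something was flagged.
audit_forward() {
    awk -v wan="$1" '
        $1 == ":FORWARD" && $2 != "DROP" {
            print "policy: FORWARD default is " $2
            bad++
        }
        $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
            in_if = ""
            for (i = 3; i < NF; i++) if ($i == "-i") in_if = $(i + 1)
            stateful = ($0 ~ /-m (state|conntrack) /)
            if (!stateful && (in_if == "" || in_if == wan)) {
                print "rule: " $0
                bad++
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Demo on the embedded samples.
page_forward_rules | audit_forward eth0 || echo "FORWARD chain needs tightening"
hardened_forward_rules | audit_forward eth0 && echo "tightened variant passes"
```

On the gateway itself the same check runs as iptables-save -t filter | audit_forward eth0.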

 

Database Servers

1. On every server, add the internal IP address to /etc/sysconfig/network-scripts/ifcfg-eth0 as below:

Database Server #1:

DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.10.101
NETMASK=255.255.255.0
NETWORK=192.168.10.0

Database Server #2:

DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.10.102
NETMASK=255.255.255.0
NETWORK=192.168.10.0

Database Server #3:

DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.10.103
NETMASK=255.255.255.0
NETWORK=192.168.10.0

2. Change the gateway to point to the web server (cPanel) by adding the following line to /etc/sysconfig/network:

GATEWAY=192.168.10.100

3. Add DNS resolver into /etc/resolv.conf as below:

nameserver 8.8.8.8
nameserver 8.8.4.4

4. Restart network service:

$ service network restart

 

Done! All the database servers should have internet connectivity after the network service is restarted. One public IP to be shared among servers?? Not a problem!

 

CentOS 6: Install VPN PPTP Client – The Simple Way

I have a PPTP server which runs on a Mikrotik Routerboard and I need to connect one of my CentOS 6.3 boxes to this VPN to retrieve some information from an internal server. The VPN account has already been created on the PPTP server and this post will just show how to connect from a CentOS CLI box.

I will be using following variables:

Client OS: CentOS 6.3 64bit
PPTP Server: 192.168.100.1
Username: myvega
Password: CgK888ar$

1. Install PPTP using yum:

$ yum install pptp -y

2. Add the username and password inside /etc/ppp/chap-secrets:

myvega     PPTPserver     CgK888ar$    *

The format will be: [username][space][server name][space][password][space][ip address allowed]

3. Create a configuration file called vpn.myserver.org under the /etc/ppp/peers directory using a text editor:

$ vim /etc/ppp/peers/vpn.myserver.org

And add the following lines:

pty "pptp 192.168.100.1 --nolaunchpppd"
name myvega
remotename PPTPserver
require-mppe-128
file /etc/ppp/options.pptp
ipparam vpn.myserver.org

4. Load the ppp_mppe kernel module:

$ modprobe ppp_mppe

5. Make sure the following options in /etc/ppp/options.pptp are not commented out:

lock
noauth
refuse-pap
refuse-eap
refuse-chap
nobsdcomp
nodeflate
require-mppe-128

6. Connect to the VPN by executing the following command:

$ pppd call vpn.myserver.org

Done! You should be connected to the VPN server now. Let's check our VPN interface status:

$ ip a | grep ppp
3: ppp0:  mtu 1456 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 192.168.100.10 peer 192.168.100.1/32 scope global ppp0

If you face any problem, look into /var/log/messages for any errors related to the pppd service:

$ tail -f /var/log/messages | grep ppp
Dec 4 04:56:48 localhost pppd[1413]: pppd 2.4.5 started by root, uid 0
Dec 4 04:56:48 localhost pptp[1414]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Dec 4 04:56:48 localhost pptp[1420]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Dec 4 04:56:48 localhost pppd[1413]: Using interface ppp0
Dec 4 04:56:48 localhost pppd[1413]: Connect: ppp0  /dev/pts/1
Dec 4 04:56:48 localhost pptp[1420]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Dec 4 04:56:48 localhost pptp[1420]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Dec 4 04:56:49 localhost pptp[1420]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Dec 4 04:56:49 localhost pptp[1420]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Dec 4 04:56:49 localhost pptp[1420]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 137).
Dec 4 04:56:49 localhost pppd[1413]: CHAP authentication succeeded
Dec 4 04:56:49 localhost pppd[1413]: MPPE 128-bit stateless compression enabled
Dec 4 04:56:50 localhost pppd[1413]: local IP address 192.168.100.10
Dec 4 04:56:50 localhost pppd[1413]: remote IP address 192.168.100.1

To disconnect the VPN, just kill the pppd process:

$ killall pppd

Enable Intel 82579LM NIC in VMware ESXi 5.0

We have just bought a new server with a Supermicro X9SCL-F motherboard for our backup server. This server comes with 2 NICs:

  • Intel 82579LM Gigabit
  • Intel 82574L Gigabit

Unfortunately, once the hypervisor installation completed, only one network interface was detected by VMware ESXi 5.0, which is the Intel 82574L port. Our architecture requires 2 different cards so that we can use them for fault tolerance to provide high availability.

What we need to do is basically like this:

  1. Download the driver here: http://dl.dropbox.com/u/27246203/E1001E.tgz
  2. Use ESXi-Customizer to merge the driver and generate a new VMware installation ISO
  3. Burn the custom ISO to a disc or USB drive
  4. Reinstall the server

 

Using ESXi-Customizer

1. Download it from here: http://esxi-customizer.googlecode.com/files/ESXi-Customizer-v2.7.1.exe

2. Double-click it and extract the files. Open the folder (ESXi-Customizer-v2.7.1) and double-click ESXi-Customizer.cmd

3. You will see the following window. Enter the required details as in the screenshot below:

Note: My installation ISO is VMware-VMvisor-Installer-5.0.0.update01-623860.x86_64

4. Click Run. The process will start and you will see the following prompt:

Just accept it by clicking “Yes”.

5. Once finished, you will find your new ISO as ESXi-5.x-Custom.iso. You will use this new ISO for VMware ESXi hypervisor installation.

After the installation finishes, you can verify this using vSphere > host > Configuration > Network Adapters and you should see something similar to the screenshot below:

Build Low-cost Call Center using Elastix and Asterisk (Part 2)

This post is a continuation of the previous post: http://blog.secaserver.com/2012/10/build-low-cost-call-center-elastix-asterisk-1/

Now we should have our PBX ready to receive calls. But we have not yet configured how to manage calls and agents. We should have a system to monitor agents’ activities. We can achieve this by using the Call Center module inside Elastix. Install it by going to Elastix > Addons > Call Center > Install. Wait for a while until the process finishes.

Configure Call Center

1. Create agent. An agent is the person who will need to log in to the call center system and answer the calls in the queue. Go to Elastix > Call Center > Agent Options > Show Filter > New Agent. Enter the agent’s details, for example:

Agent Number: 501
Agent Name: Mark Derp
Password: 123456
Retype Password: 123456

Click Save and add another agent’s details:

Agent Number: 502
Agent Name: Karim Benz
Password: 121212
Retype Password: 121212

2. Create Group. We need to allow agents to log in to our Elastix system to view the agent’s console. This console will tell the agent which queue an incoming call is coming from, how long the call has lasted, what type of call is coming in and much more. This will be configured later. Go to Elastix > System > Users > Groups > Create New Groups. Enter the information below:

Group: Agent
Description: Call Center Agents

3. Assign Agent Console to Agent group. Go to Elastix > System > Users > Group Permissions > go to page 4 > tick on Agent Console > Save Selected as Accessible.

4. Create user. This will be used by call center agents to log in to the Elastix system to view campaigns and calls and also view the phone book. Go to Elastix > System > Users > Create New User and enter agent #1 details as below:

Login: mark
Name: Mark Derp
Password: q1w2e3
Retype Password: q1w2e3
Group: Agent
Extension: 201

Click Save and create another user for Agent #2 as below:

Login: karim
Name: Karim Benz
Password: hgp4ss
Retype Password: hgp4ss
Group: Agent
Extension: 202

5. Create Form. This form will be used to enter customers’ details when they call in. This is required for reporting. We will do this so agents can fill in some details on the call description and remarks. Go to Elastix > Call Center > Forms > Show Filter > Create New Form. Enter details as in the screenshot below:

 

6. Select Queue. We need to select which queue will be used inside our call center and activate it. I will activate my SalesCallQueue, which was created in the previous post. Go to Elastix > Ingoing Calls > Queues > Show Filter > Select Queue > Select Queue > 301 SalesCallQueue and click Save.

7. Now we can create a campaign. Every incoming and outgoing call that agents make or receive needs to go through a campaign. Inside this campaign, we will specify which queue, which form and some description for the caller’s type. Go to Elastix > Call Center > Ingoing Calls > Ingoing Campaigns > Show Filter > Create New Campaign and enter the required details as in the screenshot below:

Click Save and you are done configuring call center agents, call route, IVR and call queue. We can now proceed to this call center with our call center agents.

 

Install & Configure Softphone (SIP Client)

There are a lot of SIP clients available which you can use for this purpose. I am going to use X-Lite. You can download the software here: http://www.counterpath.com/x-lite-5-for-windows-download.html

1. Log in to the call center agent’s PC and proceed to download and install the software. We will be using this application to connect to the PBX server, which will route calls to your PC based on the extension number. For agent #1 PC, log in as extension 201 with password [email protected] as below:

For agent #2 laptop, log in as extension 202 with password [email protected], similar to the screenshot above. You should now have logged your extension (consider it your phone) into the PBX system.

NOTES: You are not logged in as an agent yet at this step! You have just logged in your phone. Think of this softphone as your normal phone.

2. Log in to Elastix’s Agent Console at https://192.168.0.70 using the login created in step #4 under the Configure Call Center section.

3. Now select the Agent Number and Extension number that have been set up on the PC for agent #1, as in the screenshot below:

4. After you click Enter, you should receive a call from the PBX server (the Caller ID will be Anonymous) and you will be asked to enter the agent’s password. Now enter the password that you set up for this agent in step #1 under the Configure Call Center section using the PC keyboard, then press the ‘#’ (shift + 3) button. You will now be logged in as an agent and redirected to the console as below:

 

Testing and Costing

Now call the number associated with the direct line from a mobile phone. You will then be attended to by a digital receptionist with an IVR menu. Select the appropriate options and your call will be put in the queue. Your call center agent will then automatically get the respective call and hear your voice. The ‘Hangup’ and ‘Transfer’ buttons in the agent console are only available while the agent has an active call.

As for total cost of this call center, here is my calculation:

===================================
Stuff                |   Cost (MYR)
===================================
Phone line setup fee |   50 x 4
Phone line rental    |   800/month (200/month x 4)
Server Hardware      |   1400
Telephony Card       |   1980
Agent's Phone        |   0
Agent's Headset      |   250 x 2
PBX system           |   0
Call center system   |   0
===================================
Total                |   4080
===================================

As I stated in the subject of this post, I have achieved my objective of building a call center/centre at the lowest cost possible using mostly open-source tools. My total setup cost is only MYR 4080, or around USD $1330, with a monthly cost for calls by the telco of MYR 800/month, or around USD $261/month.

Build Low-cost Call Center using Elastix and Asterisk (Part 1)

My company requires me to build a simple call centre whereby:

  • It can receive incoming call from customers
  • Digital receptionist with interactive voice response (IVR)
  • Make outgoing call
  • Call queue
  • 2 call center agents workings to attend all calls

In order to achieve this, we need to know how many concurrent calls we usually get during peak hours. In my case, we usually get/make 3 concurrent calls at the same time. We will require 4 direct lines from the Telco provider. The steps will be as below:

  1. Apply for 4 direct phone lines from the Telco provider.
  2. Apply for another toll-free number to be mapped to these 4 direct phone lines. Example: 1-800-88-1919.
  3. Prepare a server to control this communication aka PBX server.
  4. Buy a telephony interface card to be attached into PBX server.
  5. Install Elastix.
  6. Configure Elastix (extension, call route, IVR, queue).
  7. Install and configure Softphone on the agents’ PCs. This is the tool that call center agents use to communicate with customers.
  8. Buy a headphone set for the call center agents’ use.

I am not going to cover all the steps in this post. I assume that steps 1 and 2 have been done on your side, so I will start from step 3 onwards. The architecture that we are going to set up will be as below:

 

I will be using following variables:

Operating System: Elastix 2.3.0 Stable
PBX Server: 192.168.0.70
PBX Hostname: callcenter.mydomain.org

 

Prepare the PBX Server

1. Get a server. I will be using a simple Core i3 server with a 250 GB HDD and 2GB RAM.

2. Download the Elastix ISO from here: http://www.elastix.org/index.php/en/downloads/main-distro.html. At the time of writing, I will download the 64bit version of Elastix 2.3.0 Stable.

3. Burn the ISO into a CD. We will use this CD to install the Elastix operating system.

4. Start the installation process by booting from the CD. Follow all the required steps until it finishes. Make sure you do not miss the steps for setting up the MySQL root password and the Elastix administrator password.

 

Telephony Interface Card

After the installation finishes and before we configure Elastix, we need to buy a telephony interface card, which is not usually available in a normal IT store. This kind of card is usually produced by PBX companies like Digium, Sangoma and Rhino.

Make sure you understand the difference between FXO and FXS before you buy the telephony card. Since I will be using Softphone for all call agents, I will need to buy 4 FXO ports (for direct lines) with no FXS ports (for station lines). You may refer here for further explanation: http://www.3cx.com/PBX/FXS-FXO.html

For me I am going to buy this analog telephony card from Digium:

 

Configure Elastix

1. Now log in to the Elastix server using a web browser as admin. As for me, I will log in to https://192.168.0.70 .

2. We need to detect the telephony card before we start configuring the PBX server. Make sure the direct phone lines have been attached to the ports at the back of the telephony card. Go to Elastix > System > Hardware Detector > Detect New Hardware. You should see something like below:

This picture shows that only 1 direct phone line is detected and connected to the server. If you attach more than 1 line, you should see the respective ports turn green.

 

3. Let's start configuring Elastix. The most basic thing that we need to have is an extension. Go to Elastix > PBX > PBX Configuration > Extensions. Select Generic SIP Device and click Submit. Fill in the required data as below for Agent 1:

  • Under ‘Add Extension’
    • User Extension: 201
    • Display Name: Agent 1
  • Under ‘Device Options’
  • Under ‘Voicemail & Directory’
    • Status: Enabled

Click Submit. Now for Agent 2 repeat similar steps and add information as below:

  • Under ‘Add Extension’
    • User Extension: 202
    • Display Name: Agent 2
  • Under ‘Device Options’
  • Under ‘Voicemail & Directory’
    • Status: Enabled

 

4. Create queue. This defines how incoming calls are queued and which agent is required to communicate with them. I will need to create 2 queue groups, a Sales queue and a CustomerService queue. Go to Elastix > PBX > PBX Configuration > Queues and enter the following details:

  • Under ‘Add Queue’:
    • Queue Number: 301
    • Queue Name: SalesCallQueue
    • Static Agents: A201,0

Click Submit. Now for the customer service queue, repeat similar steps and add the information below:

  • Under ‘Add Queue’:
    • Queue Number: 302
    • Queue Name: CustomerServiceCallQueue
    • Static Agents: A202,0

 

5. We need to create some recordings. We will use the voice recording to welcome every incoming call using IVR. You can refer to following video on how to use System Recordings:

As for me, I will be using Text to Wav features under Elastix > PBX > Tools > Text to Wav to create a simple welcoming voice.

 

6. Using the voice recording from the previous step, we need to configure the IVR so our digital receptionist can route the call correctly. Go to Elastix > PBX > PBX Configuration > IVR and enter details as in the screenshot below:

 

7. We then need to configure the Inbound Routes. This tells the PBX what to do first when receiving calls. Go to Elastix > PBX > PBX Configuration > Inbound Routes and enter the following details:

  • Under ‘Add Incoming Route’:
    • Description: IncomingLine
  • Under ‘Options’:
    • CID name prefix: IncomingCall
  • Under ‘Set Destination’:
    • IVR: Welcome

Click Submit and also click the notification: Apply Configuration Changes Here.

Notes: This post continues in part 2, which covers how to install the Call Center module in Elastix and configure the call center agents’ PCs to use Softphone.

Linux: Rsync using Web Interface

We have just launched a new website which is deployed directly from our development server. There are constant changes to the source code, as our programmers always need to debug issues reported by our users. The problem I face frequently is that every time they want to sync the new PHP code, I need to manually sync the files for them. My boss does not allow anyone except him to have FTP access to the server.

I am using rsync to do the file syncing from the development server to the live server. Both servers have identical file paths for the PHP code, which means the Apache document root is /home/mywebs/public_html on the production server as well as on the development server. So I need a tool to help me solve this problem. Instead of me doing this for them, why don't they sync the files to the live server by themselves?

In order to achieve this, I will be using rsync with Webmin and Usermin, web-based interfaces for system administration on Unix. Both servers run CentOS 6.2 64bit. My server architecture and variables are as below:

 

Notes: All steps below should be completed in the development (source) server. No need to setup anything on the production (target) server.

1. Download and install Webmin:

$ cd /usr/local/src
$ wget http://prdownloads.sourceforge.net/webadmin/webmin-1.590-1.noarch.rpm
$ rpm -Uhv webmin-1.590-1.noarch.rpm

2. Download and install Usermin:

$ cd /usr/local/src
$ wget http://cdnetworks-kr-1.dl.sourceforge.net/project/webadmin/usermin/1.510/usermin-1.510-1.noarch.rpm
$ rpm -Uhv usermin-1.510-1.noarch.rpm

3. Install rsync using yum:

$ yum install -y rsync

4. Open the Webmin, Usermin and rsync ports in iptables. Using a text editor, add the following lines to /etc/sysconfig/iptables before any REJECT rules:

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 -j ACCEPT

5. Save and restart iptables:

$ service iptables restart

6. Open Webmin using a web browser. In my setup, I will use this URL: http://211.43.12.12:10000. Log in as the root user and navigate to Webmin > Others > Custom Commands > Create a new custom command.

7. Add required information as highlighted below:

8. Now we need to create a user to be used by programmer team. Go to Webmin > Webmin Users > Create a new Webmin user.

Under “Available Webmin modules” section, tick for the “Custom Commands” as screen shot below:

9. Edit the user again. We just want them to choose files under /home/mywebs directory. Go to Webmin > Webmin Users > choose user ‘developer’ > Permissions for all modules and choose as below:

10. Let's create the user developer. Go to Webmin > System > Users and Groups > Create a new user and fill in the required information as in the screenshot below:

11. Now, as the last step, we need to set up shared SSH keys between these 2 servers so that rsync can be executed without user mywebs’s password authentication on the destination server:

$ su - mywebs
$ ssh-keygen -t dsa # just press enter for all questions
$ ssh-copy-id -i ~/.ssh/id_dsa mywebs@server1.mywebs.biz

 

Done. Now ask your developer to access Usermin at http://211.43.12.12:20000 and go to Usermin > Others > Custom Commands. The rsync script that we created before is now available to the developer. They can use this feature to sync the files to the live server whenever they want:

Install and Configure Zenoss as Centralized Monitoring System

A good system administrator should know that they need to do these 3 most important things after delivering a server:

  • secure
  • monitor
  • backup

As part of the monitoring task, in this tutorial I am going to show how to build a centralized monitoring system using Zenoss. Zenoss needs an SNMP agent on every server that is to be monitored. If you have a high number of servers, you should use Zenoss instead of Cacti or Nagios because it is easier to set up and maintain. The web-based management portal is really easy to understand and you can monitor a lot of things, not limited to SNMP MIB reporting only.

Zenoss has a community version which is free. The latest version of Zenoss at this date is version 4. The Zenoss installer recommends using a clean server. But in my case, I will use a cPanel server which is not heavily used for this purpose. In order to run Zenoss on a ‘not-so-clean’ server, I need to use Zenoss stack version 3. I will be using the following variables:

OS: RHEL 5.3 64bit (Tikanga)
cPanel: 11.32.3 (build 23)
Zenoss server IP: 210.20.88.50
Server to be monitored: 177.60.52.200 and 81.71.46.44

Install Zenoss

1. Download the Zenoss stack version 3 here: http://sourceforge.net/projects/zenoss/files/zenoss-3.2/zenoss-3.2.1/. The file you should download is zenoss-stack-3.2.1-linux-x64.bin.

2. Give execute permission and install it. Follow and accept the default value of installation wizard:

$ chmod +x zenoss-stack-3.2.1-linux-x64.bin
$ ./zenoss-stack-3.2.1-linux-x64.bin

3. Make sure you open following port for Zenoss usage:

TCP: 8080
UDP: 514
UDP: 161
UDP: 162

4. Navigate to your browser and access Zenoss to create the admin user at http://210.20.88.50:8080/.

Enable SNMP

On all servers that need to be monitored, we need to install and enable the SNMP agent. RHEL/CentOS 5 and 6 have slightly different ways of activating SNMP, as in the examples below:

Server #1 (177.60.52.200) – CentOS 5.6 64bit

1. Install and enable SNMP on startup:

$ yum install net-snmp
$ chkconfig snmpd on

2. Open /etc/hosts.allow using text editor and add following line:

snmpd: 210.20.88.50

This will allow Zenoss collector to connect to SNMP service of this server.

3. Run following command to add SNMP community string for Zenoss collector:

echo "rocommunity zenossreporting" > /etc/snmp/snmpd.conf

4. Disable SNMP informational logging. If you do not do this, SNMP will flood your /var/log/messages. Open /etc/sysconfig/snmpd.options and add the following line:

OPTIONS="-LS 5 d -Lf /dev/null -p /var/run/snmpd.pid -a"

5. Save and restart SNMP service:

$ service snmpd start

6. Make sure UDP port 161 is open for SNMP collection.

Server #2 (81.71.46.44) – CentOS 6.2 64bit

1. Install and enable SNMP on startup:

$ yum install net-snmp
$ chkconfig snmpd on

2. Run following command to add SNMP community string for Zenoss collector:

echo "rocommunity zenossreporting" > /etc/snmp/snmpd.conf

3. Disable SNMP informational logging. If you do not do this, SNMP will flood your /var/log/messages. Open /etc/sysconfig/snmpd and add the following line:

OPTIONS="-LS 5 d -Lf /dev/null -p /var/run/snmpd.pid -a"

4. Save and restart SNMP service:

$ service snmpd start

5. Make sure UDP port 161 is open for SNMP collection.
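
The rocommunity line used for both servers names no source address, so snmpd.conf itself does not limit which hosts may query with that community string. The following is an added example, not part of the original post: a lint for community directives without a source, and a helper that pins them to the collector using net-snmp's optional SOURCE argument (rocommunity COMMUNITY [SOURCE]). The function names are hypothetical and the sample file is constructed from the line used in the steps above.

```bash
#!/bin/sh
# Added example: lint and tighten SNMP community directives in snmpd.conf.

# lint_snmpd_conf FILE
# Prints every community directive that accepts queries from any source and
# returns non-zero if one is found. The community string is not echoed.
lint_snmpd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        # rocommunity / rwcommunity COMMUNITY [SOURCE [OID]]
        $1 ~ /^r[ow]community6?$/ {
            src = (NF >= 3) ? $3 : "default"
            if (src == "default" || src ~ /\/0$/) {
                printf "line %d: %s has no source restriction\n", FNR, $1
                bad++
            }
        }
        # com2sec [-Cn CONTEXT] NAME SOURCE COMMUNITY
        $1 ~ /^com2sec6?$/ && NF >= 4 {
            src = $(NF - 1)
            if (src == "default" || src ~ /\/0$/) {
                printf "line %d: %s %s maps any source\n", FNR, $1, $(NF - 2)
                bad++
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    ' "$1"
}

# pin_community_source FILE COLLECTOR_IP
# Writes FILE to stdout with COLLECTOR_IP appended to community lines that
# have no source; everything else is passed through unchanged.
pin_community_source() {
    awk -v src="$2" '
        $1 ~ /^r[ow]community$/ && NF == 2 { print $1, $2, src; next }
        { print }
    ' "$1"
}

# Demo: the file produced by the echo command in the steps above, then the
# same file pinned to the Zenoss server IP used on this page.
conf=$(mktemp)
echo "rocommunity zenossreporting" > "$conf"
lint_snmpd_conf "$conf" || echo "community is usable from any source"
pin_community_source "$conf" 210.20.88.50
rm -f "$conf"
```

Write the pinned output back to /etc/snmp/snmpd.conf and restart snmpd for it to take effect.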

Configure Zenoss

1. Log in to the Zenoss management portal at http://210.20.88.50:8080/ . Let's add a node to monitor. Go to INFRASTRUCTURE > Device > click the plus “+” icon and enter the required information as in the screenshot below:

2. After it is added, we need to model the device. Select the device in the device list and select “Model Device” on the bottom left menu as in the screenshot below:

3. This will build up the model based on the Zenoss collector. You should see the following menu items added to the left-side menu for the respective device:

4. Done. Your server load average, CPU utilization, memory utilization, disk IO, disk usage and network interface are being monitored now. You can repeat this step to all servers that need to be monitored.

 

Monitor Apache & MySQL using Zenoss

Zenoss has extensions called ZenPacks, used to monitor other services or processes. You just need to download and install the ZenPacks using the Zenoss management portal. I will use ZenPacks to monitor Apache and MySQL as well.

1. Download the ZenPacks for Apache and MySQL from http://community.zenoss.org/community/zenpacks/:

Apache: http://community.zenoss.org/docs/DOC-3442
MySQL: http://community.zenoss.org/docs/DOC-3501

2. Upload and install both ZenPacks into Zenoss. Go to Zenoss > ADVANCED > ZenPacks > click the gear icon > Install ZenPack..

3. You need to restart Zenoss for this. Login into the server via SSH and run following command:

$ service zenoss-stack restart

4. Log in via SSH to the server on which we need to monitor Apache and MySQL. We need to create the Apache server-status page for the Apache monitoring plugin. Open the main httpd.conf file, which is usually located at /etc/httpd/conf/httpd.conf, and add the following lines:

ExtendedStatus On
 
<Location /server-status>
   SetHandler server-status
   Order deny,allow
   Deny from all
   Allow from 210.20.88.50
</Location>

5. On cPanel servers, you may need to run the following command so that the change is retained when cPanel rebuilds the httpd.conf file:

$ /usr/local/cpanel/bin/apache_conf_distiller --update --main

6. Restart Apache to apply the changes:

$ service httpd restart

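7. Log in to MySQL via the console and run the following SQL statement, replacing <zenoss_user> with the MySQL user name that Zenoss will connect as:

mysql> grant usage on *.* to '<zenoss_user>'@'%' identified by 'zenP455w0rd';

The host part '%' lets this account connect from any address; using the Zenoss server's address (210.20.88.50) instead limits it to the collector.

8. Go back to the Zenoss portal page for the device. Go to Configuration Properties, find the following fields and update their values: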

zMySqlPassword = zenP455w0rd
zCollectorClientTimeout = 300
zSnmpTimeout = 5
zSnmpTries = 4

9. The last step is to bind the Apache and MySQL monitoring templates to the device monitoring properties. Click the gear icon on the bottom-left menu, click Bind Templates and move both templates to the right side as in the screenshot below:

Open Zenoss > INFRASTRUCTURE > Devices > server name > Graphs and wait for a while. You should see complete monitoring graphs on this page, as in the screenshot below:

Snmpd: Connection from UDP: REFUSED and SNMP Logging

Connection from UDP: [IP]:[port] REFUSED

While setting up my monitoring system using Zenoss, I saw that some of the servers running RHEL 5 were returning the following logs in /var/log/messages:

Aug 2 10:47:55 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED
Aug 2 10:47:57 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED

To solve this, we need to allow the source IP of the connection in the /etc/hosts.allow file by adding the following line:

snmpd: 210.6.122.109

After changing the value, restart the snmpd service:

$ service snmpd restart

Monitor /var/log/messages as below:

Aug 2 10:51:44 server1 snmpd[1771]: Connection from UDP: [210.6.122.109]:56797
Aug 2 10:51:44 server1 snmpd[1771]: Received SNMP packet(s) from UDP: [210.6.122.109]:56797
Aug 2 10:51:44 server1 snmpd[1771]: Connection from UDP: [210.6.122.109]:56797
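Before adding an address to /etc/hosts.allow it helps to see every source snmpd has refused and whether it is already listed. The script below is an added example, not part of the original post: it tallies REFUSED lines per source and marks each one against the snmpd entry in hosts.allow. The function names are hypothetical and the sample log is constructed.

```shell
#!/bin/sh
# Added example: triage snmpd REFUSED entries before editing /etc/hosts.allow.

# Print "<count> <ip>" for every source snmpd refused, busiest first (stdin: syslog).
snmpd_refused_sources() {
    awk '
        /snmpd\[[0-9]+\]: Connection from UDP: \[/ && / REFUSED$/ {
            ip = $0
            sub(/^.*Connection from UDP: \[/, "", ip)  # strip up to the address
            sub(/\]:[0-9]+ REFUSED$/, "", ip)          # strip port and marker
            seen[ip]++
        }
        END { for (ip in seen) print seen[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print the clients granted to snmpd in a hosts.allow file ($1), one per line.
snmpd_allowed_hosts() {
    sed -n 's/^[[:space:]]*snmpd[[:space:]]*:[[:space:]]*//p' "$1" |
        tr -s ' ,\t' '\n' | sed '/^$/d'
}

# Print "<count> <ip> listed|unlisted" against hosts.allow ($1); stdin: syslog.
snmpd_refused_report() {
    allowed=$(snmpd_allowed_hosts "$1")
    snmpd_refused_sources | while read -r count ip; do
        if printf '%s\n' "$allowed" | grep -Fxq "$ip"; then
            echo "$count $ip listed"
        else
            echo "$count $ip unlisted"
        fi
    done
}

# Constructed sample: the two REFUSED lines and one accepted line from the
# excerpt above, plus a made-up source in the 203.0.113.0/24 documentation range.
sample_log() {
    cat <<'EOF'
Aug 2 10:47:55 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED
Aug 2 10:47:57 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED
Aug 2 10:48:03 server1 snmpd[30684]: Connection from UDP: [203.0.113.7]:40112 REFUSED
Aug 2 10:51:44 server1 snmpd[1771]: Connection from UDP: [210.6.122.109]:56797
EOF
}
# Usage: sample_log | snmpd_refused_report /etc/hosts.allow
```

An unlisted source is either a collector that still needs a hosts.allow entry or traffic that should stay refused; only add addresses you recognise as your own monitoring servers.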


SNMP Logging Flooding into /var/log/messages

Another problem I have been facing with the default installation of SNMP is that /var/log/messages gets flooded with snmpd logs like the example above. To overcome this, add the following line to /etc/sysconfig/snmpd using a text editor:

OPTIONS="-LS 5 d"

Save the file and restart snmpd for the change to take effect. To verify, run the following command and make sure the options value is included:

$ ps aux | grep snmpd
root   32382   0.0   0.1   197160   5076   ? S   13:04   0:00        /usr/sbin/snmpd -LS 5 d

This option logs levels 0 to 4, based on the log levels below:

0 – Emergencies – System is unusable
1 – Alerts – Immediate action needed
2 – Critical – Critical conditions
3 – Errors – Error conditions
4 – Warnings – Warning conditions
5 – Notifications – Informational messages
6 – Informational – Normal but significant conditions
7 – Debugging – Debugging messages

CentOS: Configure Piranha as Load Balancer (Direct Routing Method)

I am currently working on a web cluster project using CentOS. In this project, I have 2 web servers running Apache with the same document root mounted to serve the HTTP content. I also have 2 servers in front of them acting as load balancer and failover, to increase the availability of the two-node web server cluster. The virtual IP will be held by load balancer #1, with automatic failover to load balancer #2.

You may refer to the diagram below to get a clearer picture:

I am using the following variables:

All servers’ OS: CentOS 6.2 64bit
Web server #1: 192.168.0.221
Web server #2: 192.168.0.222
Load balancer #1: 192.168.0.231
Load balancer #2: 192.168.0.232
Virtual IP: 192.168.0.220

Load Balancer Server

1. All steps should be done on both servers unless otherwise specified. We will install Piranha and the other required packages using yum:

$ yum install piranha ipvsadm -y

2. Open the firewall ports below:

  • Piranha: 3636
  • HTTP: 80
  • Heartbeat: 539

3. Start all required services and make sure they start automatically when the server reboots:

$ service piranha-gui start
$ chkconfig piranha-gui on
$ chkconfig pulse on

4. Run the following command to set the password for user piranha. It will be used when accessing the web-based configuration tool:

$ piranha-passwd

5. Turn on IP forwarding. Open /etc/sysctl.conf and make sure the following line has the value 1:

net.ipv4.ip_forward = 1

Then run the following command to activate it:

$ sysctl -p

Load Balancer #1

1. Open the Piranha web-based configuration tool at http://192.168.0.231:3636 and log in as piranha with the password set earlier. We start by configuring Global Settings as below:

2. Then, go to the Redundancy tab and enter the secondary server IP. In this case, we will put load balancer #2 IP as the redundant server in case load balancer #1 is down:

3. Under Virtual Servers tab, click Add and enter required information as below:

4. Now we need to configure the virtual IP and virtual HTTP server to map into the real HTTP server. Go to Virtual Servers > Real Server and add into the list as below:

Make sure you activate each real server once it has been added by clicking the (DE)ACTIVATE button.

5. Now copy the configuration file to load balancer #2 as below:

$ scp /etc/sysconfig/ha/lvs.cf 192.168.0.232:/etc/sysconfig/ha/

6. Restart Pulse service to apply the new configuration:

$ service pulse restart

You can monitor what is happening with Pulse by tailing /var/log/messages as below:

$ tail -f /var/log/messages

Load Balancer #2

There is nothing to configure on this server. We just need to restart the Pulse service so that it picks up the new configuration copied over from LB1.

$ service pulse restart

If you look at /var/log/messages, pulse on this server will report that it is running in BACKUP mode.

Web Servers

1. Since we are using the direct-routing method, in addition to your Apache installation we also need to install another package called arptables_jf. Here is a quote from the Red Hat documentation page:

Using the arptables_jf method, applications may bind to each individual VIP or port that the real server is servicing. For example, the arptables_jf method allows multiple instances of Apache HTTP Server to be running bound explicitly to different VIPs on the system. There are also significant performance advantages to using arptables_jf over the IPTables option.

However, using the arptables_jf method, VIPs can not be configured to start on boot using standard Red Hat Enterprise Linux system configuration tools.

We will install it using yum:

$ yum install arptables_jf -y

2. Configure arptables_jf by executing the following commands:

In web server #1:

$ arptables -A IN -d 192.168.0.220 -j DROP
$ arptables -A OUT -d 192.168.0.220 -j mangle --mangle-ip-s 192.168.0.221

In web server #2:

$ arptables -A IN -d 192.168.0.220 -j DROP
$ arptables -A OUT -d 192.168.0.220 -j mangle --mangle-ip-s 192.168.0.222

3. Save the arptables rules and make sure the service is started on boot:

$ service arptables_jf save
$ chkconfig arptables_jf on

4. Add the virtual IP address on both web servers:

$ ip addr add 192.168.0.220 dev eth0

5. Since the IP cannot be started during sysinit (boot time), we can bring it up automatically after sysinit completes. Open /etc/rc.local using a text editor:

$ vim /etc/rc.local

And add the following line:

/sbin/ip addr add 192.168.0.220 dev eth0

Warning: Every time you restart the network service, make sure to run step #4 again to bring up the virtual IP on the real server.

Done. You can now point your website to the virtual IP, and load balancer #1 will report as below:

$ ipvsadm -L
 
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port       Forward Weight  ActiveConn  InActConn
TCP 192.168.0.220:http lblc
-> 192.168.0.221:http       Route   1       0           34
-> 192.168.0.222:http       Route   1       0           19

CentOS: Setup IPv6 using HE Tunnel Broker with Apache

Even though the IPv4 address space has been fully occupied, many people still have not realized that they need to start implementing IPv6 for their services. In this post, I am going to show how to add IPv6 connectivity to an HTTP service running on Apache.

We will use a dual-stack configuration, which allows IPv4 and IPv6 to run simultaneously on a single server. In this tutorial, I am assuming a standard Apache installation from yum.

IPv6 Kernel Module

I am using CentOS 5.6 32bit, where the IPv6 module is disabled by default if it was not configured during the initial installation. You will see the following error when you try to load the IPv6 kernel module:

$ modprobe ipv6
FATAL: Module off not found.

This is not an issue if you are using CentOS 5.7 or later. On CentOS 5.6, we need to enable the IPv6 module and make sure it is loaded into the kernel.

Open /etc/modprobe.conf using a text editor:

$ vim /etc/modprobe.conf

and delete the following lines:

alias ipv6 off
options ipv6 disable=1

Save the file and load the ipv6 module with modprobe:

$ modprobe ipv6

To check whether ipv6 is correctly loaded, use lsmod command as below:

$ lsmod | grep ipv6
ipv6       270049   1 cnic

To complete the process, reboot the server.

Once done, let's look at the network interfaces on this server. We have 2 active interfaces: localhost (lo) and ethernet (eth0), which is the default route to the Internet:

$ ip a
1: lo:  mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:16:17:27:7f:9d brd ff:ff:ff:ff:ff:ff
inet 85.127.181.30/26 brd 85.17.81.63 scope global eth0
inet6 fe80::216:17ff:fe27:7f9d/64 scope link

Get the IPv6

1. Let's check the main IPv4 address of our server. Run the following command to check:

$ curl cpanel.net/myip
85.127.181.30

2. Since we are configuring dual-stack, our IPv6 connection needs to be tunneled over the existing IPv4 connectivity. Hurricane Electric (HE) provides this service for free. We need to create an account, create the IPv6 tunnel and configure it on our server.

Once registered, log in to the portal, click ‘Create Regular Tunnel’, enter the main IPv4 address of your server and select a tunnel location. Since this server is located in Europe, I will select Berlin as in the screenshot below:

3. Click ‘Create Tunnel’. You will then be redirected to a summary page. Go to the ‘Example Configurations’ tab and select ‘Linux-route2’ as in the screenshot below:

These are the commands that we need to execute in order to activate IPv6 on the server.

Activate the IPv6

1. There are 2 ways to activate the IPv6 interface: using the command line or using a network interface configuration file. We will activate it using the command line and also create a network configuration file so we can use the ifup and ifdown commands to control the interface (just like the normal interface script ifcfg-eth0).

2. Execute all commands as stated in the example configuration above:

$ modprobe ipv6
$ ip tunnel add he-ipv6 mode sit remote 216.66.80.30 local 85.127.181.30 ttl 255
$ ip link set he-ipv6 up
$ ip addr add 2001:470:1f0a:6ef::2/64 dev he-ipv6
$ ip route add ::/0 dev he-ipv6
$ ip -f inet6 addr

3. Check whether the interface is up. You should get the IPv6 address provided by TunnelBroker:

$ ifconfig he-ipv6

4. Create the network config file. Go to /etc/sysconfig/network-scripts/ and create a new file using text editor called ifcfg-he:

$ vim /etc/sysconfig/network-scripts/ifcfg-he

And add the following lines:

DEVICE=he-ipv6
TYPE=sit
BOOTPROTO=none
ONBOOT=yes                         # set to "no" if you prefer to start the tunnel manually
IPV6INIT=yes
IPV6TUNNELIPV4=216.66.80.30        # Server IPv4 address
IPV6ADDR=2001:470:1f0a:6ef::2      # Client IPv6 address

5. Add the following lines to /etc/sysconfig/network to make sure all IPv6 traffic is routed through this interface:

NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=he-ipv6

6. Since this server already has the APF firewall loaded, we need to disable it because APF does not support IPv6 yet. If you want an IPv6 firewall, configure your rules in /etc/sysconfig/ip6tables instead. Flushing APF also removes its IPv4 rules, so the host is unfiltered on both protocols until replacement iptables and ip6tables rules are loaded:

$ apf -f
$ rm /etc/init.d/apf

7. You can bring the IPv6 interface up and down using the ifup and ifdown commands as below:

$ ifdown he-ipv6
$ ifup he-ipv6
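Once APF is disabled and the tunnel is up, the server's IPv6 address is reachable with whatever rules ip6tables currently holds. The script below is an added example, not part of the original post: a coarse check of whether the loaded IPv6 ruleset ends in a default-deny for inbound traffic. The function and sample names are hypothetical and the sample rulesets are constructed.

```shell
#!/bin/sh
# Added example: coarse check that IPv6 INPUT traffic meets a default-deny.
# stdin: `ip6tables-save` output (same format as /etc/sysconfig/ip6tables).
# Prints "filtered" or "open"; it does not judge the individual ACCEPT rules.
ip6_input_posture() {
    awk '
        /^\*/ { in_filter = ($1 == "*filter") }    # track the current table
        !in_filter { next }
        $1 == ":INPUT" { policy = $2 }             # e.g. ":INPUT ACCEPT [0:0]"
        # "-A <chain> -j <target>" with no match options applies to every packet.
        $1 == "-A" && $3 == "-j" {
            if ($4 == "DROP" || $4 == "REJECT") catchall[$2] = 1
            else if ($2 != "INPUT") next
            else if ($4 == "ACCEPT" && !catchall["INPUT"]) accept_all = 1
            else jump[$4] = 1                      # e.g. RH-Firewall-1-INPUT
        }
        END {
            filtered = (policy == "DROP" || catchall["INPUT"])
            for (c in jump) if (catchall[c]) filtered = 1
            if (accept_all) filtered = 0           # everything was accepted first
            print (filtered ? "filtered" : "open")
        }
    '
}

# Constructed inputs for the check (parser fixtures, not complete policies).
sample_after_flush() {      # ip6tables-save with no rules loaded
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
sample_default_deny() {     # HTTP allowed, everything else rejected
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
}
```

On the server, run `ip6tables-save | ip6_input_posture` after bringing the tunnel up; "open" means every listening service is exposed over IPv6.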


Point Domain Name to IPv6

The next step is DNS. Our hostname needs to resolve to the IPv6 address when looked up. Log in to the name server and add the following AAAA record (the IPv6 equivalent of an A record):

www.mydomain.org      A           85.127.181.30
www.mydomain.org      AAAA        2001:470:1f0a:6ef::2

Done! Wait for DNS propagation to complete before you can test your website.

Configure Apache

1. Since we want our website to be accessible via both IPv4 and IPv6, the Listen value in httpd.conf remains at its default. Open the Apache configuration file located at /etc/httpd/conf/httpd.conf and find the following line:

Listen 80

2. My new virtual host for the website will be as below:

NameVirtualHost 85.127.181.30:80
NameVirtualHost [2001:470:1f0a:6ef::2]:80
 
# VirtualHost for IPv4
<VirtualHost 85.127.181.30:80>
    ServerName www.mydomain.org
    ServerAdmin admin@localhost
    DocumentRoot /home/mydomain/public_html
    ErrorLog /home/mydomain/logs/error_log
    CustomLog /home/mydomain/logs/access_log combined
</VirtualHost>
# Virtual host for IPv6
<VirtualHost [2001:470:1f0a:6ef::2]:80>
    ServerName www.mydomain.org
    ServerAdmin admin@localhost
    DocumentRoot /home/mydomain/public_html
    ErrorLog /home/mydomain/logs/error_log
    CustomLog /home/mydomain/logs/access_log combined
</VirtualHost>

3. Check the Apache configuration file and restart Apache if the configuration syntax is correct:

$ service httpd configtest
$ service httpd restart

IPv6 Browsing Test

To test our website’s IPv6 browsing, I will use http://www.ipv6proxy.net/. I used this web proxy to access one of my pages, http://www.mydomain.org/ipv6.html, and the following result appeared:

Done! Your website now can be accessed via IPv4 and IPv6!