Install on Debian notes
- ONA on Debian Wheezy
- 2013-04-23: the notes below are from the start of our network upgrade project. I'll post updated notes sometime. Ping me if they are not here, which means this line is here.
- 2012-12: these are notes from the first install in 2012-12 using Wheezy.
```sh
aptitude install apache2 dnsutils mysql-server mysql-client \
  nmap php5 php5-gmp php5-mysql libapache2-mod-php5 unzip
```

I'm not certain that all the above are needed. Got the suggested debs from a 'lamp debian' search.
php5-gmp is needed for IPv6 support in version 13.03.01; otherwise the following error appears when a subnet is clicked: "Error: the server returned the following HTTP status: 500 Received". This was reported and fixed within hours.

Otherwise, just followed the main ONA install page at https://github.com/opennetadmin/ona/wiki/Install .
- /etc/ona

```sh
echo "/opt/ona" >> /etc/onabase
```
- log rotate. Example /etc/logrotate.d/ona:

```
/var/log/ona.log {
    rotate 12
    size 100k
    compress
    missingok
    notifempty
}
```
This warning shows up every time /opt/ona/bin/dcm.pl is run (it was fixed in recent dcm.pl versions):

```
# /opt/ona/bin/dcm.pl -r host_add host=host1.example.com type=2 ip=10.100.100.44 mac=00:1F:33:F2:99:BB
Use of qw(...) as parentheses is deprecated at /opt/ona/bin/dcm.pl line 249.
Use of qw(...) as parentheses is deprecated at /opt/ona/bin/dcm.pl line 304.
```

Release 1.21 fixes that. This is from the dcm.pl changelog within the file:

```
## Changelog:
##
## 07/05/2012 - v1.21 - Matt Pascoe
##  - Fix deprication warnings about qw
```
The sendEmail perl program is needed to get emails when there are errors in build_dhcpd (and probably the other build_* scripts).
Get it at http://caspian.dotconf.net/menu/Software/SendEmail/ . Is that available to install as a deb?
Extract it to /usr/local/bin/
Sample /etc/cron.d/ona:

```
SHELL=/bin/sh
PATH=/opt/ona/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Rebuild DHCPD configuration file and restart daemon
*/15 * * * * root /opt/ona/bin/build_dhcpd > /dev/null # 2>&1
# Rebuild DNS configuration file and restart daemon
*/15 * * * * root /opt/ona/bin/build_tinydns -t -s dnshost1.example.com > /dev/null # 2>&1
```
- running this:

```sh
/opt/ona/bin/nmap_scan_cron -u -a
# or this sometimes:
/opt/ona/bin/nmap_scan_cron -n 10.100.100.0/24
```

caused ping and rsync to return "No buffer space available".
- solution, per matt@opennetadmin.com:

Per the info in this bug I found: https://github.com/DataSoft/Nova/issues/342

I have added the following to /etc/sysctl.conf:

```
net.ipv4.neigh.default.gc_thresh1 = 1024
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 65536
```

This seems to have fixed the buffer issue. I ran a new nmap scan via /opt/ona/bin/nmap_scan_cron; because of the size of the network it takes about 30-40 minutes to complete the scan. You can now go to your main subnet and then click on the nmap scan under the report section. Keep in mind that due to the size it takes 20-30 seconds for this page to render completely, but it's a good report to see new devices and add hosts/interfaces that are not yet in ONA (there are only just a few).
When we break things up into VLANs and /24 subnets this will be much quicker.
- ONA easily handles generating a dhcpd.conf. Of course the data needs to be loaded into ONA first.
- install

```sh
aptitude install isc-dhcp-server
```

- configure
- use a link:

```sh
cd /etc/dhcp
mv dhcpd.conf dhcpd.conf.ori
ln -s /opt/ona/etc/dhcpd/dhcpd.conf.ona dhcpd.conf
```

- or include /etc/dhcp/dhcpd-local-include.conf in the ONA dhcp header file.
- We had 200+ dhcp fixed lease entries in dhcpd.conf. I used this to import them into ONA.
- http://opennetadmin.com/docs/utils/dcm.pl
- download dcm.pl, extract the files and put dcm.pl in /opt/ona/bin/
- Export: get this: https://gist.github.com/4039747 , an AWK script to parse ISC dhcpd configuration files into a CSV for use by dcm.pl to load into OpenNetAdmin. Check dhcpparse.awk, then make it executable, and never run it as root.
- I just used the fixed leases in our old dhcpd.conf. The import may be able to get more than that.

```sh
cat dhcpd.conf | ./dhcpparse.awk > fo
```

- Import: edit the lines so they look like this (use vim or sed).

```sh
/opt/ona/bin/dcm.pl -r host_add ip=10.100.100.44 mac=00:1F:33:F2:99:BB host=fbc44.xyz.com type=2
```
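As an added example of the export/import step above (this is not the dhcpparse.awk gist nor ONA code), here is a small shell/awk converter that turns the `host` blocks of a dhcpd.conf directly into dcm.pl host_add lines, skipping hosts that lack a MAC or fixed address. It assumes type=2 for every host and takes the DNS domain as an argument; the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the ONA project or the dhcpparse.awk gist: turn the
# "host" blocks of an ISC dhcpd.conf into dcm.pl host_add lines.
# Assumptions: every host is a device (type=2), the DNS domain is passed in as
# an argument, and host blocks are not nested (dhcpd does not allow that).

# Constructed sample config (not a real network); note the lower-case MAC,
# the one-line block and the block without a fixed-address.
SAMPLE_DHCPD_CONF='
subnet 10.100.100.0 netmask 255.255.255.0 {
  range 10.100.100.200 10.100.100.250;
  host fbc44 {
    hardware ethernet 00:1f:33:f2:99:bb;
    fixed-address 10.100.100.44;
  }
  host printer1 { hardware ethernet 00:1F:33:AA:BB:CC; fixed-address 10.100.100.45; }
  host noaddr {
    hardware ethernet 00:1F:33:00:00:01;
  }
}
'

# usage: dhcp_to_dcm DOMAIN < dhcpd.conf
# Prints one dcm.pl command per host that has both a MAC and a fixed address;
# incomplete hosts are reported on stderr so they can be added by hand.
dhcp_to_dcm() {
  awk -v domain="$1" '
    BEGIN { RS = "}" }                 # one record per block: dhcpd host blocks are flat
    {
      gsub(/[;{]/, " ")                # separators become whitespace so fields split cleanly
      name = mac = ip = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "host")                               name = $(i + 1)
        if ($i == "hardware" && $(i + 1) == "ethernet") mac = toupper($(i + 2))
        if ($i == "fixed-address")                      ip = $(i + 1)
      }
      if (name == "") next             # record held no host block (e.g. the subnet line)
      if (mac != "" && ip != "")
        printf "/opt/ona/bin/dcm.pl -r host_add ip=%s mac=%s host=%s.%s type=2\n", ip, mac, name, domain
      else
        printf "# skipped host %s: missing hardware ethernet or fixed-address\n", name > "/dev/stderr"
    }'
}

printf '%s' "$SAMPLE_DHCPD_CONF" | dhcp_to_dcm xyz.com
```

Review the generated lines before running them; the converter only emits commands, it does not execute dcm.pl.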
Install services
- download the Debian package from http://packages.debian.org/sid/djbdns (unless "apt-get install djbdns" works).
- `dpkg -i djbdns_1.05-8_i386.deb` ## or djbdns_1.05-8_amd64.deb etc.
- `apt-get install daemontools-run ucspi-tcp make`
- `groupadd dnscache; useradd -g dnscache dnscache; useradd -g dnscache dnslog`
- `groupadd tinydns; useradd -g tinydns tinydns`
- `dnscache-conf dnscache dnslog /var/dnscache 10.100.100.105`
- `ln -s /etc/service /service`
- `ln -s /var/dnscache /service`
- adjust the /service/dnscache/root/ip and /service/dnscache/root/servers settings
- `tinydns-conf tinydns dnslog /var/tinydns 10.100.100.107`
- `ln -s /var/tinydns /service`
- `rm /service/tinydns/root/add-*`
- Protect data.cdb in tinydns/root so the stock Makefile there won't break things (the invalid "9" line makes tinydns-data fail, which stops make):

```sh
echo "# Do not edit data on this computer! data.cdb is copied from another location.
# The following line protects data.cdb by stopping make.
9" > /service/tinydns/root/data
```
Add new dedicated dnscache and tinydns interfaces to /etc/network/interfaces. For example:

```
# add:
auto eth0:dnscache1
iface eth0:dnscache1 inet static
    address 10.100.100.105
    netmask 255.255.0.0

auto eth0:tinydns1
iface eth0:tinydns1 inet static
    address 10.100.100.107
    netmask 255.255.0.0
```
Configure tinydns builds from ONA
- `mkdir -p /opt/ona/etc/tinydns/[serverFQDN]`
- create a Makefile in the serverFQDN dir with the following content and save it as /opt/ona/etc/tinydns/[serverFQDN]/Makefile (recipe lines must be indented with tabs):

```makefile
# Makefiles are very picky about formatting (kinda like python).
# you have to use tabs to indent things no spaces..
# the comments have to be the first character in the line, not indented..
#
# The DIRNAME variable gets the directory name that this makefile is in.
# The name of the directory must be the FQDN of the server to send the data.cdb file to
# This is done because the build_tinydns script invokes make with --directory
DIRNAME = $(shell basename ${CURDIR})

# Also the ssh keys should be stored in this directory as well under .ssh/
# example:
#   mkdir .ssh
#   ssh-keygen -f .ssh/tinydns-ona-key    ## and copy to secondary.
#   ssh-copy-id -i .ssh/tinydns-ona-key.pub Secondary-dns-server

# Copy the data to remote machine(s), this will also activate it on that remote server
remote: data.cdb
	@echo "INFO => Rsyncing data to remote host: ${DIRNAME}"
	cp data.cdb /service/tinydns/root/data.cdb
	svc -t /service/dnscache
	#scp -P 52123 -i ${CURDIR}/.ssh/tinydns-ona-key data.cdb rsyncuser@${DIRNAME}:/service/tinydns/root/data.cdb
	#ssh -i ${CURDIR}/.ssh/tinydns-ona-key rsyncuser@${DIRNAME} 'svc -t /service/dnscache'

# Convert data file to the .cdb form
# This should be the path to your systems tinydns-data program
data.cdb: data
	@/usr/bin/tinydns-data

# If there is no header file, lets initialize one
init-header:
	@echo "############# BEGIN HEADER FILE ####################" > data.ona.header
	@echo "# Header information to be added to the data file" >> data.ona.header
	@echo "# This is where you manage records that can not be" >> data.ona.header
	@echo "# maintained in the ONA database for whatever reason" >> data.ona.header
	@echo "# This information is specific to THIS server only" >> data.ona.header
	@echo "############# PUT YOUR DATA HERE ###################" >> data.ona.header
	@echo "" >> data.ona.header
	@echo "############## END HEADER FILE #####################" >> data.ona.header
```

- `cd /opt/ona/etc/tinydns/[serverFQDN]; make init-header`
- add an entry to /etc/cron.d/ona to rebuild DNS on a regular interval (15 mins is good). Add one line for each DNS server to be built:

```
# Rebuild DNS configuration file and restart daemon
*/15 * * * * root /opt/ona/bin/build_tinydns -t -s [serverFQDN] > /dev/null 2>&1
```
tinydns notes:
- http://www.djbdnsrocks.org/single/under_hood.htm is a good link for basic info on the setup.
- `svscan` watches services and ensures they are always running.
- `svc -u /service/dnscache` ## start the dnscache service
- `svstat /service/dnscache` ## check the status of the dnscache service
- `tail -f /service/tinydns/log/main/current | tai64nlocal` ## tail the tinydns log file and get readable timestamps