Install on Debian notes

robfantini edited this page Apr 24, 2013 · 49 revisions
  • ONA on Debian Wheezy.
  • 2013-04-23: the notes below are from the start of our network upgrade project. I'll post updated notes sometime; ping me if they are not here, which means this line is still here.
GNU + ONA made it possible for our medium-size company to transition from a 192.168.1.1/24 network to a 10.1.0.0/16 network using multiple /24 VLANs.
  • 2012-12: these are notes from our first install, in 2012-12, using Wheezy.

install debs

aptitude install  apache2 dnsutils mysql-server mysql-client \
     nmap php5 php5-gmp php5-mysql libapache2-mod-php5 unzip
I'm not certain that all of the above are needed; I got the suggested debs from a 'lamp debian' search.

php5-gmp is needed for IPv6 support in version 13.03.01; without it, the following error appears when a subnet is clicked: "Error: the server returned the following HTTP status: 500 Received". This was reported and fixed within hours.

install ona

Just followed the main ONA install page at https://github.com/opennetadmin/ona/wiki/Install .

configure

  • /etc/onabase (tells the ONA scripts where the install lives):
echo "/opt/ona" >> /etc/onabase
  • logrotate. Example /etc/logrotate.d/ona:
/var/log/ona.log      {
  rotate 12
  size 100k
  compress
  missingok
  notifempty
}

This warning showed up every time /opt/ona/bin/dcm.pl was run (it was fixed in recent dcm.pl versions):

# /opt/ona/bin/dcm.pl -r host_add host=host1.example.com type=2 ip=10.100.100.44 mac=00:1F:33:F2:99:BB

Use of qw(...) as parentheses is deprecated at /opt/ona/bin/dcm.pl line 249.
Use of qw(...) as parentheses is deprecated at /opt/ona/bin/dcm.pl line 304.

Release 1.21 fixes that. This is from the changelog inside dcm.pl:

##  Changelog:
##
##      07/05/2012 - v1.21 - Matt Pascoe
##          - Fix deprication warnings about qw

sendEmail

Perl program needed to get emails when there are errors in build_dhcpd, and probably in the other build_* scripts.

Get it at http://caspian.dotconf.net/menu/Software/SendEmail/ . Is that available to install as a deb?

Extract to /usr/local/bin/.

cron

sample /etc/cron.d/ona

SHELL=/bin/sh
PATH=/opt/ona/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Rebuild DHCPD configuration file and restart daemon 
*/15  * * * * root /opt/ona/bin/build_dhcpd > /dev/null  # 2>&1

# Rebuild DNS configuration file and restart daemon 
*/15  * * * * root /opt/ona/bin/build_tinydns -t -s dnshost1.example.com > /dev/null  # 2>&1

nmap and No buffer space available

  • running this:
/opt/ona/bin/nmap_scan_cron -u -a
# or this sometimes:
/opt/ona/bin/nmap_scan_cron -n 10.100.100.0/24
caused ping and rsync to return "No buffer space available". The issue is definitely the fact that we are trying to scan a /16 subnet.

Per the info in this bug I found: https://github.com/DataSoft/Nova/issues/342

I have added the following to /etc/sysctl.conf:

net.ipv4.neigh.default.gc_thresh1 = 1024
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 65536

This seems to have fixed the buffer issue. I ran a new nmap scan via /opt/ona/bin/nmap_scan_cron; because of the size of the network it takes about 30-40 minutes to complete the scan. You can now go to your main subnet and then click on the nmap scan under the report section. Keep in mind that, due to the size, it takes 20-30 seconds for this page to render completely, but it's a good report to see new devices and add hosts/interfaces that are not yet in ONA (there are only just a few).

When we break things up into vlans and /24 subnets this will be much quicker.
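As an added check (not from this page or the ONA project): the script below rates the ARP neighbour table against the three gc_thresh values the sysctl change above tunes, and tells you whether a scan of a given prefix can even fit under gc_thresh3. It parses `ip -4 neigh show` output (a constructed sample is embedded); thresholds are passed in, so on a live box read them from /proc/sys/net/ipv4/neigh/default/gc_thresh1..3 first.

```python
import ipaddress
import re

# Linux defaults for net.ipv4.neigh.default.gc_thresh{1,2,3}, and the values
# this page puts in /etc/sysctl.conf.
LINUX_DEFAULTS = {"gc_thresh1": 128, "gc_thresh2": 512, "gc_thresh3": 1024}
PAGE_SETTINGS = {"gc_thresh1": 1024, "gc_thresh2": 4096, "gc_thresh3": 65536}

# One line of `ip -4 neigh show`; lladdr is absent for FAILED/INCOMPLETE entries.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>\S+))?\s+(?P<state>[A-Z]+)")

# Constructed sample output, not a real capture.
SAMPLE_NEIGH = """\
10.100.100.1 dev eth0 lladdr 00:1f:33:f2:99:bb REACHABLE
10.100.100.2 dev eth0 lladdr 00:1f:33:f2:99:bc STALE
10.100.100.3 dev eth0  FAILED
10.100.100.4 dev eth0  INCOMPLETE
"""


def neigh_pressure(neigh_output, thresholds):
    """Count entries per state and rate the table: ok < gc < pressure < overflow."""
    counts = {}
    for line in neigh_output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            counts[m.group("state")] = counts.get(m.group("state"), 0) + 1
    total = sum(counts.values())
    if total >= thresholds["gc_thresh3"]:
        level = "overflow"  # hard limit: new entries fail ("No buffer space available")
    elif total >= thresholds["gc_thresh2"]:
        level = "pressure"  # soft limit: the kernel starts evicting aggressively
    elif total >= thresholds["gc_thresh1"]:
        level = "gc"        # above the minimum kept, so garbage collection runs
    else:
        level = "ok"
    return {"total": total, "counts": counts, "level": level}


def scan_fits(cidr, thresholds):
    """True if every host of the prefix (minus network/broadcast) fits under gc_thresh3."""
    hosts = max(ipaddress.ip_network(cidr, strict=False).num_addresses - 2, 1)
    return hosts < thresholds["gc_thresh3"]
```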

dhcp

  • ONA easily handles generating a dhcpd.conf; of course the data needs to be loaded into ONA first.
  • install:
 aptitude install isc-dhcp-server
  • configure: using a link is one way; another option is to have a local include file at /etc/dhcp/.
Use a link:
cd /etc/dhcp
mv dhcpd.conf dhcpd.conf.ori
ln -s /opt/ona/etc/dhcpd/dhcpd.conf.ona dhcpd.conf
Or include /etc/dhcp/dhcpd-local-include.conf in the ONA dhcp header file.

import existing dhcpd.conf

Download dcm.pl, extract the files and install dcm.conf to /etc/. AFAIK you'll need to set 'login' and 'passwd' to a user account set up in the ONA GUI. You should not use the default user; add a user.

Put dcm.pl in /opt/ona/bin/.

  • Export: get this: https://gist.github.com/4039747 , an AWK script to parse ISC dhcpd configuration files into a CSV for use by dcm.pl to load into OpenNetAdmin. Check dhcpparse.awk, then make it executable, and never run it as root.
  • I just used the fixed leases in our old dhcpd.conf. The import may be able to get more than that.
  cat dhcpd.conf | ./dhcpparse.awk > fo
  • Import: edit the lines so they look like this (use vim or sed):
 /opt/ona/bin/dcm.pl  -r host_add  ip=10.100.100.44 mac=00:1F:33:F2:99:BB  host=fbc44.xyz.com type=2
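As an added example (not the gist's dhcpparse.awk and not ONA code), here is the same export/import step in Python: it pulls the fixed leases out of a dhcpd.conf (a constructed sample is embedded) and renders them as dcm.pl host_add lines in the form shown above. Host blocks whose fixed-address is a hostname rather than an IP are skipped, since host_add wants an ip= literal.

```python
import ipaddress
import re

# Constructed sample ISC dhcpd.conf with fixed leases (not a real company file).
SAMPLE_DHCPD_CONF = """\
subnet 10.100.100.0 netmask 255.255.255.0 {
  range 10.100.100.200 10.100.100.250;
  host fbc44 {
    hardware ethernet 00:1F:33:F2:99:BB;
    fixed-address 10.100.100.44;
  }
  host printer1 { hardware ethernet 00:1f:33:aa:bb:cc; fixed-address 10.100.100.45; }
  host byname {
    hardware ethernet 00:1f:33:00:00:01;
    fixed-address fileserver.xyz.com;   # a hostname, not an IP: skipped below
  }
}
"""

HOST_RE = re.compile(r"\bhost\s+([\w.-]+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;")
ADDR_RE = re.compile(r"fixed-address\s+([^;\s]+)\s*;")


def strip_comments(text):
    return re.sub(r"#[^\n]*", "", text)


def parse_fixed_hosts(conf_text):
    """Return (host, mac, ip) for each host block whose fixed-address is an IPv4 literal."""
    hosts = []
    for name, body in HOST_RE.findall(strip_comments(conf_text)):
        mac = MAC_RE.search(body)
        addr = ADDR_RE.search(body)
        if not (mac and addr):
            continue  # host block without a static mapping
        try:
            ip = str(ipaddress.IPv4Address(addr.group(1)))
        except ipaddress.AddressValueError:
            continue  # fixed-address given by name; dcm.pl host_add needs an ip=
        hosts.append((name, mac.group(1).upper(), ip))
    return hosts


def dcm_host_add_lines(conf_text, domain, dcm="/opt/ona/bin/dcm.pl"):
    """Render dcm.pl host_add commands in the form used on this page (type=2)."""
    return ["%s -r host_add ip=%s mac=%s host=%s.%s type=2" % (dcm, ip, mac, name, domain)
            for name, mac, ip in parse_fixed_hosts(conf_text)]
```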

djbdns

Install services

  1. Download the Debian package from http://packages.debian.org/sid/djbdns (unless "apt-get install djbdns" works).
  2. dpkg -i djbdns_1.05-8_i386.deb  # or djbdns_1.05-8_amd64.deb etc.
  3. apt-get install daemontools-run ucspi-tcp make
Add users
  1. groupadd dnscache; useradd -g dnscache dnscache; useradd -g dnscache dnslog
  2. groupadd tinydns; useradd -g tinydns tinydns
Configure dnscache
  1. dnscache-conf dnscache dnslog /var/dnscache 10.100.100.105
  2. ln -s /etc/service /service
  3. ln -s /var/dnscache /service
  4. adjust /service/dnscache/root/ip and servers settings
Configure tinydns
  1. tinydns-conf tinydns dnslog /var/tinydns 10.100.100.107
  2. ln -s /var/tinydns /service
  3. rm /service/tinydns/root/add-*
  4. Protect data.cdb in tinydns/root so that running make there won't break things. The bogus "9" line makes tinydns-data fail, so make stops before it can overwrite data.cdb:
echo "# Do not edit data on this computer! data.cdb is copied from another location.
# The following line protects data.cdb by stopping make.
9" > /service/tinydns/root/data

Add new dedicated dnscache and tinydns interfaces to /etc/network/interfaces. For example:

# add: 

auto eth0:dnscache1
iface eth0:dnscache1 inet static
        address 10.100.100.105
        netmask 255.255.0.0


auto eth0:tinydns1
iface eth0:tinydns1 inet static
        address 10.100.100.107
        netmask 255.255.0.0

Configure tinydns builds from ONA

  1. mkdir -p /opt/ona/etc/tinydns/[serverFQDN]
  2. create a Makefile in the serverFQDN dir, /opt/ona/etc/tinydns/[serverFQDN]/Makefile, with the following content (recipe lines must be indented with a tab):
# Makefiles are very picky about formatting (kinda like Python):
# you have to use tabs to indent recipe lines, not spaces,
# and comments have to be the first character in the line, not indented.
#
# The DIRNAME variable gets the directory name that this makefile is in.
# The name of the directory must be the FQDN of the server to send the data.cdb file to
# This is done because the build_tinydns script invokes make with --directory
DIRNAME = $(shell basename ${CURDIR})

# Also the ssh keys should be stored in this directory as well under .ssh/
# example:
# mkdir .ssh
# ssh-keygen -f .ssh/tinydns-ona-key 
## and copy to secondary. 
# ssh-copy-id -i .ssh/tinydns-ona-key.pub  Secondary-dns-server

# Copy the data to remote machine(s), this will also activate it on that remote server
remote: data.cdb
	@echo "INFO => Rsyncing data to remote host: ${DIRNAME}"
	cp data.cdb /service/tinydns/root/data.cdb
	svc -t /service/dnscache
	#scp  -P 52123 -i ${CURDIR}/.ssh/tinydns-ona-key data.cdb rsyncuser@${DIRNAME}:/service/tinydns/root/data.cdb
	#ssh -i ${CURDIR}/.ssh/tinydns-ona-key  rsyncuser@${DIRNAME} 'svc -t /service/dnscache'

# Convert data file to the .cdb form
# This should be the path to your systems tinydns-data program
data.cdb: data
	@/usr/bin/tinydns-data

# If there is no header file, lets initialize one
init-header:
	@echo "############# BEGIN HEADER FILE ####################"  > data.ona.header
	@echo "# Header information to be added to the data file"    >> data.ona.header
	@echo "# This is where you manage records that can not be"   >> data.ona.header
	@echo "# maintained in the ONA database for whatever reason" >> data.ona.header
	@echo "# This information is specific to THIS server only"   >> data.ona.header
	@echo "############# PUT YOUR DATA HERE ###################" >> data.ona.header
	@echo "" >> data.ona.header
	@echo "############## END HEADER FILE #####################" >> data.ona.header
  1. cd /opt/ona/etc/tinydns/[serverFQDN]; make init-header
  2. Add an entry to /etc/cron.d/ona to rebuild DNS on a regular interval (15 mins is good). Add one line for each DNS server to be built:
   # Rebuild DNS configuration file and restart daemon 
   */15  * * * * root /opt/ona/bin/build_tinydns -t -s [serverFQDN] > /dev/null 2>&1

tinydns notes:

  • http://www.djbdnsrocks.org/single/under_hood.htm is a good link for good basic info on the setup.
  • `svscan` watches services and ensures they are always running.
  • `svc -u /service/dnscache` ## start dnscache service
  • `svstat /service/dnscache` ## check the status of the dnscache service
  • `tail -f /service/tinydns/log/main/current | tai64nlocal` ## tail tinydns log file and get readable timestamps