Setup RANCID and ViewVC (Part One)

KB ID 0001331

Problem

There are couple of good posts out there on setting up Rancid (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (Formally ViewVCS, basically a nice web based GUI front end, that does version control and highlights differences). It does this using a system called CVS (Concurrent Version System, hence the original name.)

Then I had to do some more searching to get it to back up my Cisco ASA firewalls and get the whole thing automated, which Ill cover in Part Two.

OS: CentOS 7 x64

Rancid: 3.4.1

ViewVC: 1.1.24

Solution

Once it’s built, let’s update our server;

[box]

yum upgrade
yum update
Answer any questions with 'y' for yes.

[/box]

Lets install all the components we need;

[box]

yum install nano wget ftp telnet mariadb-server mariadb perl tcl expect gcc cvs rcs httpd autoconf php-common php-gd php-pear php-pecl-memcache php-mysql php-xml mod_ssl MySQL-python

[/box]

We only need a simple web server, so set the firewall accordingly (I’m opening http (TCP 80) and https (TCP 443) but we will only configure http in this example);

[box]

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

[/box]

We have already installed Apache (web server), so we need to start it up, then set it to ‘auto-start’ with the server. Then create a group, and a user (rancid), and place that user in the group we created. Finally create a directory for us to ‘unzip’ rancid into.

[box]

systemctl enable httpd.service
systemctl start httpd.service
groupadd netadm
useradd -g netadm -c "Networking Backups" -d /home/rancid rancid
mkdir /home/rancid/tar

[/box]

Move into the directory, we just created then download RANCID, unzip it, then install it.

[box]

cd /home/rancid/tar/
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.4.1.tar.gz
tar -zxvf rancid-3.4.1.tar.gz
cd rancid-3.4.1
./configure --prefix=/usr/local/rancid
make install

[/box]

Copy over the ‘clogin’ file, (more on this later). Then set the ownership and and permissions on the rancid files and directories.

[box]

cp cloginrc.sample /home/rancid/.cloginrc
chmod 0640 /home/rancid/.cloginrc
chown -R rancid:netadm /home/rancid/.cloginrc
chown -R rancid:netadm /usr/local/rancid/
chmod 775 /usr/local/rancid/

[/box]

Now to set the ‘top level’ groups. Above I’ve got Firewalls and Switches, you might want to create a group for each customer you are backing up, or each site. (the design is up to you), but these are the ‘folder names’ you will see when you first log into the ViewVC web front end. Next you need to edit the main Rancid configuration file;

[box]

nano /usr/local/rancid/etc/rancid.conf

[/box]

Uncomment and add your groups, i.e.
LIST_OF_GROUPS=”Firewalls Switches

Save and Exit the file, (in nano that’s CTRL+X, then Y to save, and finally {Enter}.) Now we need to change to the rancid user we created earlier, (remembering to swap back to ‘root’ afterwards). We do this to create the folder structure for the groups we just created. Most importantly this creates the router.db file(s) which lives in each group/folder. This file specifies what the devices are, and where they are, that you will be backing up.

[box]

su -rancid

Or 'su rancid' if you are logged in as root

/usr/local/rancid/bin/rancid-cvs
su

[/box]

Download and install ViewVC.

[box]

cd /home/rancid/tar/
wget http://viewvc.tigris.org/files/documents/3330/49471/viewvc-1.1.24.tar.gz
tar -zxvf viewvc-1.1.24.tar.gz
cd viewvc-1.1.24
./viewvc-install

[/box]

Open the ViewVC config file;

 

[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

Uncomment and change the values, (as shown above).

root_parents = /usr/local/rancid/var/CVS : cvs
rcs_dir = /usr/local/bin
use_rcsparse = 1

Now to enable ViewVC to work with Apache, we need to copy over some CGI, and set some permissions.

[box]

cp /usr/local/viewvc-1.1.24/bin/cgi/*.cgi /var/www/cgi-bin
chmod +x /var/www/cgi-bin/*.cgi
chown apache:apache /var/www/cgi-bin/*.cgi

[/box]

Then in the Apache config file, scroll to the end and add the following text, (don’t forget to save and exit the file).

[box]

nano /etc/httpd/conf/httpd.conf

Paste the following (at the bottom)

# Custom Rancid Config

<VirtualHost>
        DocumentRoot /var/www
        ScriptAlias /cgi-bin/ "/var/www/cgi-bin"
        ScriptAlias /viewvc /var/www/cgi-bin/viewvc.cgi
        ScriptAlias /query /var/www/cgi-bin/query.cgi
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>

[/box]

We already installed MariaDB, (similar to MySQL) earlier, we just need to start it up, then set it to auto start with the server. Out of the box, MariaDB is a little insecure, so there’s a process of hardening it called ‘mysql_secure_installation’.

Note: the first time you run the secure installation it will ask for a password, this is the root password for MariaDB NOT the Linux root password, this will be {blank} so just hit {Enter}, then Yes to set the password, and set the MySQL/MariaDB root password (NEVER LOSE OR FORGET THIS). You will need it in a minute anyway, for all the other questions simply press {Enter} to accept the defaults.

[box]

systemctl enable mariadb
systemctl start mariadb
sudo mysql_secure_installation

[/box]

Now that MariaDB is installed, we need to create a user in SQL that ViewVC will use, to do that we need to log into SQL using the root password you just setup.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVC'@'localhost' IDENTIFIED BY ‘Password123’;
GRANT ALL PRIVILEGES ON *.* TO 'VIEWVC'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

[/box]

Note: sometime it does not like you copying and pasting the first ‘CREATE USER…’ line, (I don’t know why.) If it complains, type it out manually!

Now that is set up we can get ViewVC to create its database.

[box]

cd /usr/local/viewvc-1.1.24/bin
./make-database

[/box]

Use the following settings when prompted;

MySQL Hostname (leave blank for default):{Enter}

MySQL Port (leave blank for default):{Enter}

MySQL User: VIEWVC

MySQL Password: Password123

ViewVC Database Name [default: ViewVC]:{Enter}

Then, (the same as you did earlier,) create another user in MariaDB, that will be a ‘read-only’ user.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVCRO'@'localhost' IDENTIFIED BY ‘Password456’;
GRANT SELECT ON ViewVC.* TO 'VIEWVCRO'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

[/box]

Edit the ViewVC configuration so that it uses all the parameters you have setup;

[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

 

Un

Scroll down to the [csvdb] section, then uncomment and change the values shown (above,) so that look like.

enabled = 1
host = localhost
port = 3306
database_name = ViewVC
user = VIEWVC
passwd = Password123
readonly_user = VIEWVCRO
readonly_passwd = Password456

Then get ViewVC to ‘rebuild’ the database .

[box]

/usr/local/viewvc-1.1.24/bin/cvsdbadmin rebuild /usr/local/rancid/var/CVS/CVSROOT/

[/box]

Reboot the server, and if you browse to http://{ip-or-hostname}/viewvc you should see something like this;

 

In Part Two we will add some Cisco Devices (Switches and ASA Firewalls) and schedule the backups.

Related Articles, References, Credits, or External Links

NA

Migrated WordPress Site – Homepage Works, All Other Pages/Links Fail

KB ID 0001126 

Problem

I’m in the process of migrating the site back to its original VPS now that the site re-write and redesign has been completed. I used a plugin (UpdraftPlus) to backup the site, and its database, and then restored it to the new server. After the restore I connected to the new server and there was the site in all its glory 🙂

However, every single link I clicked gave me a;

Not Found

The requested URL {Path} was not found on this server

Solution

I struggled with this for a long time, internet searches all said, this is common, it’s because WordPress needs to update its ‘permalinks’, and it needs to write some code to the .htaccess file to do this.

WordPress will add the lines it needs, if you go to Settings > Permalinks, enter your setting, and click save. If it can’t write to the .htaccess file, then it will tell you and show you the code that needs adding, if that happens you have a permissions problem and WordPress has not got the rights to update the .htaccess file.

After much trial and error I deduced permissions were ok, and so was the .htaccess file and the permalink settings.

My problem was the mod_rewite module was not enabled for my website, and even though I’d got WordPress set up correctly Apache web server wasn’t letting the rewrite happen.

On my web server (CentOS7) I needed to edit the http.conf file. (I’m using nano, substitute vi for nano, if you don’t have it installed).

[box]

nano /etc/httpd/conf/httpd.conf

[/box]

Locate the section, that is for the directory /var/www/html, and edit the AllowOveride so that it is changed from None to All.

(WARNING: there will be a few AllowOverrides, change the correct one).

Save and exit the config file, then restart Apache

[box]

/sbin/service httpd restart

[/box]

Related Articles, References, Credits, or External Links

NA

The uploaded file exceeds the upload_max_filesize directive in php.ini

KB ID 0001125 

Problem

When attempting to upload a file to your website, (in my case from within WordPress). You see this error.

Solution

If you are on ‘shared hosting‘ then you may not have access to your php.ini file, if that is the case you should add the following to your .htaccess file, (this will be a hidden file in the root folder of your website).

[box]

#########
php_value upload_max_filesize 50M
php_value post_max_size 50M
php_value max_execution_time 500
php_value max_input_time 500
#########

[/box]

If , (like me), you have your own server, then you will need to edit the php.ini file directly, but where is it? Executing a ‘whereis php.ini‘ command  in my case showed me a few copies in various locations, but which one was live?

I’m assuming your website is installed in /var/www/html, so change the commands if yours is in a different location. I’m going to create a .php file in the root of my website, then browse to this file, it will show me all my .php settings, and tell me where the live copy of php.ini is located.

I use nano, if you don’t have it installed, enter the hell that is the ‘vi editor’ and use that instead 🙂

[box]

nano /var/www/html/info.php

[/box]

Then paste in the following text;

[box]

<?php phpinfo(); ?>

[/box]

Then browse to the info.php file on your website with a web browser, i.e. http://www.your-website.com/info.php. You should see something like this.

You can see that the ‘Loaded Configuration File’ is in /etc/php.ini

WARNING: Now it’s a little bit of a security hole having this sat there, so let’s delete this file on the server with the following command;

[box]

rm /var/www/html/info.php
THEN Enter 'y' to confirm.

[/box]

How To Edit The php.ini File

Execute the following command;

[box]

nano /etc/php.ini

[/box]

Locate Upload_max_filesize and change its setting accordingly, by default it’s only 2MB.

Also change your post size setting, as the default is only 8MB.

Save and exit the file, then restart Apache.

[box]

/sbin/service httpd restart

[/box]

Try to upload your file again.

 

Related Articles, References, Credits, or External Links

NA

Webmin – Read User Mail Error ‘The mail server in the module configuration was not found on your system’

KB ID 0000885 

Problem

While setting up and configuring a new Postfix mail server, I attempted to use the Webmin ‘Read User Mail’ module, and got this error.

Module Config Read User Mail
The mail server set in the module configuration was not found on your system, You will need to adjust the configuration to use the correct server.

Solution

At first I thought I needed to enter a servername into the config. However it seems when my VPS hosting company provisioned my server it installed sendmail by default, I needed to change it to Postfix instead.

1. Open the link it provides to the Read User Mail module configuration.

2. Scroll down to the system configuration section.

3. Change the Mail server Installed to Postfix.

4. DON’T FORGET to scroll to the bottom and press ‘Save’.

Related Articles, References, Credits, or External Links

NA

Can I delete _vti_inf.html and the _vti folders?

KB ID 0000742 

Problem

I was doing some site tidying this week, usually If I don’t know what something is I leave it alone, but I was on a mission! I had a bunch of files/folders in the root of my website, that, a) I didn’t know what they were doing, and b) wanted to delete.

File: _vti_inf
Folders: _private, _vti_bin, _vti_cnf, _vti_log, vti_pvt, _vti_txt

Solution

As it turns out these folders are needed for FrontPage and FrontPage Extensions. I CAN simply delete them, but since my web host provides me with cPanel access to the website, I can simply disable the extensions there, and this removes all the junk for me. (I don’t intend to use FrontPage).

1. Log into cPanel, locate FrontPage Extensions.

2. Uninstall Extensions.

3. You should see something similar.

4. Now we are a bit less cluttered.

Related Articles, References, Credits, or External Links

NA

Google Analytics – Redundant Hostnames

(Redirecting non www URL’s to www URL’s)

KB ID 0001016 

Problem

I noticed this a while back, apparently Google Analytics started flagging this for many users on October 14th 2014. But I’ve only just got round to sorting it out.

If you are seeing this error its because your site is ‘addressable’ in more than one way, in my case you could get to me via http://petenetlive and http://www.petenetlive.com. I could have registered both in ‘Google Webmaster Tools’, and set one as a preferred site, but I didn’t want to update my Analytics code (I’ve got custom stuff in there I don’t want to re-write). So my next option is to do a ‘301 redirect’.

Solution

1. I use Apache web server, and I have my own VPS, so I can pretty much do what I want, If you side is hosted you may need to ask them to ensure that the rewrite_module is loaded on your web server. If you have your own you will need to take a look at your httpd.conf file.

2. Make sure that (like below), there is a line that is not commented out, that reads;

[box]LoadModule rewrite_module modules/mod_rewrite,so[/box]

3. Now in the root of your website edit (or create) the .htaccess file. And pate the following onto the end of it, (change accordingly);

[box]RewriteEngine On
RewriteCond %{HTTP_HOST} ^petenetlive.com
RewriteRule (.*) http://www.petenetlive.com/$1 [R=301,L][/box]

4. Save and upload the file (If using Notepad, make sure it does not put a .txt extension on the end of the filename – it should have NO extension).

5. Now go to http://your-website.com, (It will probably still work because your browser will attempt to load the page from its cache, so press CTRL+F5 to force refresh). If should redirect to http://www/your-website.com

6. To make doubly sure you can go here and type in http://your-website.com it should say something like;

HTTP/1.1 301 Moved Permanently
Date => Thu, 04 Dec 2014 19:41:48 GMT
Server => Apache/2.2.15 (CentOS)
Location => http://www.petenetlive.com/
Vary => Accept-Encoding
Content-Type => text/html; charset=iso-8859-1

<

7. Back in Google Analytics, select ‘Check again’.

5. It should say this.

6. Then it will say this ‘for ages!’.

 

Related Articles, References, Credits, or External Links

NA

Linux – Enable PHP Short Tags

KB ID 0000886 

Problem

I have a particular web page that uses PHP short tags. Post migration from my old hosting company to a dedicated VPS, this stopped working.

As I know little about Linux, and even less about PHP, I asked the question at Experts Exchange about why It was no longer working. I took no time at all, for someone who knew what they were doing to say, “Your code uses ‘Short tags’, but you do not have short tags enabled”

Solution

How To Enable PHP Short Tags From .htaccess

This would be your approach if you were on a hosted web server, and could not access the servers PHP configuration. In the ‘Root’ of your website should be a file called .htaccess you can simply edit this with any text editor (but make sure it does not save with a file extension!).

Add the following lines to the end;

[box]php_value short_open_tag 1
php_value asp_tags 1[/box]

How to Enable Short Tags in PHP

1. Connect to the server via SSH, (or open a terminal session). The file you need to edit is called php.ini. This server is running CentOS, so you should find that file in the /etc/ folder.

2. By default the line you are looking for is 229 (press CTRL+C to show position). Locate the short_open_tag = Off line.

3. Change the entry to ‘On’, and save the changes (CTRL+X and ‘Y’ to save).

4. Restart the web server.

[box]
service httpd restart[/box]

Related Articles, References, Credits, or External Links

NA

Apache Web Server – Change the Default Page

KB ID 0000882 

Problem

Out of the box, Apache expects your website homepage to be called index, on this site the homepage is called home, here’s how to change it.

Solution

1. Connect to the server via SSH, (or open a terminal session). The file you need to edit is called httpd.conf. This server is running CentOS, so you should find that file in the /etc/httpd/conf folder.

2. I’m going to edit it with nano.

3. Locate the DirectoryIndex section and remove index and any other unwanted filename (i.e. in this example index.var).

4. Add in the one you require and save and exit, (press CTRL+X and Y to save).

5. You nee to restart Apache for the change to take effect.

[box] apachectl -k restart[/box]

 

Related Articles, References, Credits, or External Links

NA

 

Apache is Ignoring the .htaccess file

KB ID 0000890

Problem

The .htaccess file is a file that lives in a directory on a web server. Its job is to provide ‘settings’ that would normally be set in the servers httpd.conf file. You can put a .htaccess file in any directory to control the settings for that directory, (providing .htaccess override has been allowed).

After having some problems the other day, I made a change to mine, then reliased the change was not applying.

Solution

1. Connect to the server via SSH, (or open a terminal session). Logon as, (or su to) root.

2. Change to the directory that the httpd.conf file is in, (usually the /etc/httpd/conf/httpd.conf directory).

[box] cd /etc/httpd/conf/httpd.conf [/box]

3. First let’s check that the config, has been set to recognise .htaccess as the AccessFileName.

[box] grep -i AccessFileName httpd.conf [/box]

4. Then the server needs to actually allow the overide (this was my problem). The following will show you all instances of AllowOverride, make sure you check them all.

[box] grep -i AllowOverride httpd.conf [/box]

5. To edit the file and change the approriate settings from None to All.

6. Then restart the the web server.

[box] service httpd restart [/box]

 

Related Articles, References, Credits, or External Links

NA