Setup RANCID and ViewVC (Part One)

KB ID 0001331

Problem

There are a couple of good posts out there on setting up RANCID (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (formerly ViewCVS), which is basically a nice web-based GUI front end that does version control and highlights differences. It does this using a system called CVS (Concurrent Versions System, hence the original name).

Then I had to do some more searching to get it to back up my Cisco ASA firewalls and get the whole thing automated, which I’ll cover in Part Two.

OS: CentOS 7 x64

Rancid: 3.4.1

ViewVC: 1.1.24

Solution

Once it’s built, let’s update our server;

[box]

yum upgrade
yum update
Answer any questions with 'y' for yes.

[/box]

Let’s install all the components we need;

[box]

yum install nano wget ftp telnet mariadb-server mariadb perl tcl expect gcc cvs rcs httpd autoconf php-common php-gd php-pear php-pecl-memcache php-mysql php-xml mod_ssl MySQL-python

[/box]

We only need a simple web server, so set the firewall accordingly (I’m opening http (TCP 80) and https (TCP 443) but we will only configure http in this example);

[box]

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

[/box]

We have already installed Apache (web server), so we need to start it up, then set it to ‘auto-start’ with the server. Then create a group, and a user (rancid), and place that user in the group we created. Finally create a directory for us to ‘unzip’ rancid into.

[box]

systemctl enable httpd.service
systemctl start httpd.service
groupadd netadm
useradd -g netadm -c "Networking Backups" -d /home/rancid rancid
mkdir /home/rancid/tar

[/box]

Move into the directory we just created, then download RANCID, unzip it, and install it.

[box]

cd /home/rancid/tar/
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.4.1.tar.gz
tar -zxvf rancid-3.4.1.tar.gz
cd rancid-3.4.1
./configure --prefix=/usr/local/rancid
make install

[/box]

Copy over the ‘clogin’ file (more on this later). Then set the ownership and permissions on the rancid files and directories.

[box]

cp cloginrc.sample /home/rancid/.cloginrc
chmod 0640 /home/rancid/.cloginrc
chown -R rancid:netadm /home/rancid/.cloginrc
chown -R rancid:netadm /usr/local/rancid/
chmod 775 /usr/local/rancid/

[/box]

Now to set the ‘top level’ groups. Above I’ve got Firewalls and Switches, you might want to create a group for each customer you are backing up, or each site. (the design is up to you), but these are the ‘folder names’ you will see when you first log into the ViewVC web front end. Next you need to edit the main Rancid configuration file;

[box]

nano /usr/local/rancid/etc/rancid.conf

[/box]

Uncomment and add your groups, i.e.
LIST_OF_GROUPS="Firewalls Switches"

Save and Exit the file, (in nano that’s CTRL+X, then Y to save, and finally {Enter}.) Now we need to change to the rancid user we created earlier, (remembering to swap back to ‘root’ afterwards). We do this to create the folder structure for the groups we just created. Most importantly this creates the router.db file(s) which lives in each group/folder. This file specifies what the devices are, and where they are, that you will be backing up.

[box]

su - rancid

Or 'su rancid' if you are logged in as root

/usr/local/rancid/bin/rancid-cvs
su

[/box]

Download and install ViewVC.

[box]

cd /home/rancid/tar/
wget http://viewvc.tigris.org/files/documents/3330/49471/viewvc-1.1.24.tar.gz
tar -zxvf viewvc-1.1.24.tar.gz
cd viewvc-1.1.24
./viewvc-install

[/box]

Open the ViewVC config file;

 

[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

Uncomment and change the values, (as shown above).

root_parents = /usr/local/rancid/var/CVS : cvs
rcs_dir = /usr/local/bin
use_rcsparse = 1

Now to enable ViewVC to work with Apache, we need to copy over some CGI, and set some permissions.

[box]

cp /usr/local/viewvc-1.1.24/bin/cgi/*.cgi /var/www/cgi-bin
chmod +x /var/www/cgi-bin/*.cgi
chown apache:apache /var/www/cgi-bin/*.cgi

[/box]

Then in the Apache config file, scroll to the end and add the following text, (don’t forget to save and exit the file).

[box]

nano /etc/httpd/conf/httpd.conf

Paste the following (at the bottom)

# Custom Rancid Config

<VirtualHost *:80>
        DocumentRoot /var/www
        ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
        ScriptAlias /viewvc /var/www/cgi-bin/viewvc.cgi
        ScriptAlias /query /var/www/cgi-bin/query.cgi
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>

[/box]

We installed MariaDB (similar to MySQL) earlier; we just need to start it up, then set it to auto start with the server. Out of the box, MariaDB is a little insecure, so there’s a process of hardening it called ‘mysql_secure_installation’.

Note: The first time you run the secure installation it will ask for a password. This is the root password for MariaDB, NOT the Linux root password; it will be {blank}, so just hit {Enter}, then answer Yes to set the password, and set the MySQL/MariaDB root password (NEVER LOSE OR FORGET THIS). You will need it in a minute anyway. For all the other questions simply press {Enter} to accept the defaults.

[box]

systemctl enable mariadb
systemctl start mariadb
sudo mysql_secure_installation

[/box]

Now that MariaDB is installed, we need to create a user in SQL that ViewVC will use. To do that we need to log into SQL using the root password you just set up.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVC'@'localhost' IDENTIFIED BY 'Password123';
GRANT ALL PRIVILEGES ON *.* TO 'VIEWVC'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

[/box]

Note: sometimes it does not like you copying and pasting the first ‘CREATE USER…’ line, (I don’t know why.) If it complains, type it out manually!

Now that is set up we can get ViewVC to create its database.

[box]

cd /usr/local/viewvc-1.1.24/bin
./make-database

[/box]

Use the following settings when prompted;

MySQL Hostname (leave blank for default):{Enter}

MySQL Port (leave blank for default):{Enter}

MySQL User: VIEWVC

MySQL Password: Password123

ViewVC Database Name [default: ViewVC]:{Enter}

Then, (the same as you did earlier,) create another user in MariaDB, that will be a ‘read-only’ user.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVCRO'@'localhost' IDENTIFIED BY 'Password456';
GRANT SELECT ON ViewVC.* TO 'VIEWVCRO'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

[/box]

Edit the ViewVC configuration so that it uses all the parameters you have set up;

[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

 

Scroll down to the [cvsdb] section, then uncomment and change the values shown (above), so that they look like this.

enabled = 1
host = localhost
port = 3306
database_name = ViewVC
user = VIEWVC
passwd = Password123
readonly_user = VIEWVCRO
readonly_passwd = Password456

Then get ViewVC to ‘rebuild’ the database.

[box]

/usr/local/viewvc-1.1.24/bin/cvsdbadmin rebuild /usr/local/rancid/var/CVS/CVSROOT/

[/box]

Reboot the server, and if you browse to http://{ip-or-hostname}/viewvc you should see something like this;

 

In Part Two we will add some Cisco Devices (Switches and ASA Firewalls) and schedule the backups.
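
Both tarballs above are fetched over plain ftp:// and http:// and then installed on the server, so it is worth checking them before unpacking. The following is an added example (not part of the original article, RANCID or ViewVC): it extracts an archive only if its SHA-256 matches a digest you obtained separately and no member path escapes the target directory. The function names and `EXPECTED_SHA256_PLACEHOLDER` are assumptions, and the demo archive is constructed.

```shell
#!/bin/sh
# Added example: check a downloaded tarball before unpacking and building it.
# Assumes GNU coreutils (sha256sum) and tar, as on CentOS 7.

# sha256_of FILE -> prints only the hex digest
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# unsafe_members FILE -> lists members with absolute paths or a ".." component
unsafe_members() {
    tar -tzf "$1" | grep -E '^/|(^|/)\.\.(/|$)' || true
}

# verified_extract FILE EXPECTED_SHA256 DESTDIR
# Extracts only when the digest matches and every member stays inside DESTDIR.
verified_extract() {
    file=$1; expected=$2; dest=$3
    actual=$(sha256_of "$file")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing $file: SHA-256 does not match the expected digest" >&2
        return 1
    fi
    if [ -n "$(unsafe_members "$file")" ]; then
        echo "refusing $file: member path escapes the extraction directory" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$file" -C "$dest" --no-same-owner
}

# Constructed demo: a throwaway archive stands in for rancid-3.4.1.tar.gz.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" && echo 'constructed sample' > "$work/src/README"
    tar -czf "$work/sample.tar.gz" -C "$work" src
    good=$(sha256_of "$work/sample.tar.gz")
    verified_extract "$work/sample.tar.gz" "$good" "$work/out" && echo "match: extracted"
    # Placeholder digest: substitute the value obtained from a trusted channel.
    verified_extract "$work/sample.tar.gz" "EXPECTED_SHA256_PLACEHOLDER" "$work/out2" \
        2>/dev/null || echo "mismatch: refused"
    rm -rf "$work"
}
demo
```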

Related Articles, References, Credits, or External Links

NA

Linux – Install VMware Tools

KB ID 0001330 

Problem

Note: This is to install the VMware Tools NOT the OPEN-VM-TOOLS.

I’ve had to do this a few times now, and every time I Google how to do it, I get pages of instructions on how to install the open vm tools. When what I really want is to install the VMware Tools.

Solution

I’m using vSphere ESX, but even if you are using VMware Workstation or VMware Fusion, you can still select ‘Install/Upgrade VMware tools’, this presents a DVD image to the virtual machine.

The install for VMware tools uses Perl, so you will need to have that installed.

[box]

yum install perl

[/box]

Now we are going to mount the virtual CDROM/DVD drive into a folder (called /mnt). Then, when we have a look inside this folder, you will see the VMwareTools-{version}.tar.gz (take a note of this).

[box]

mount /dev/cdrom /mnt
cd /mnt
ls
TAKE NOTE OF THE VERSION!

[/box]

Unzip those files into the /tmp directory, then run the installer.

[box]

cd /tmp
tar zxf /mnt/VMwareTools-9.10.0-2476743.tar.gz
cd vmware-tools-distrib
./vmware-install.pl

[/box]

Keep pressing {Enter} to accept the defaults, when complete the mounted VMware tools DVD will be ejected.

 


CentOS / Redhat / Fedora – VMware VMXNET3 Adapter Not Working

KB ID 0001329 

Problem

This has tripped me up a couple of times, and if you Google the problem, you find a load of posts saying ‘Just install VMware tools that will fix the problem’

It Won’t!

And I’ll tell you why, run ifconfig

You will notice you have a network card, but you will also notice that it’s got a strange name ‘ens160’ not eth0 as you would normally expect? Anyway let’s prove it’s not a driver issue by issuing a dhclient -v command. This basically forces the NIC up and makes it get a DHCP address, (assuming your NIC is connected to the correct network, and you have DHCP running of course!)

So this tells me it’s not a driver issue, and that installing VMware tools probably won’t cure the problem.

It Didn’t!

Also if you reboot, you will find it’s not working again!

Solution

I’m going to use nano in a minute, (other editors are available), so I’ll install that first. (I’m logged in as root, you may need to prefix the following command with sudo if you are not).

[box]

yum install nano

[/box]

Remember my network card had a ‘funny name’? Well, change directory to the /etc/sysconfig/network-scripts directory, and you will see its config file, so let’s edit that, (change the text in red, to reflect your interface name, from the ifconfig command earlier);

[box]

cd /etc/sysconfig/network-scripts
nano ifcfg-ens160

[/box]

Make sure;

BOOTPROTO=dhcp

ONBOOT=yes

Now if you reboot your VM, it should come back up with networking enabled.

 


Linux (CentOS 7) Generating CSR (Certificate Signing Requests)

KB ID 0001206 

Problem

If you want to use digital certificates on your CentOS server, then you will need to generate a CSR. It does not matter if you want to purchase a publicly signed certificate, or even if you are going to sign your own. Below is how to generate a CSR for a single web host.

Note: Most cert vendors now require a minimum key length of 2048 so that’s what I’m going to use. And I’m assuming you have OpenSSL installed (type ‘openssl version’ to find out).

Solution

Execute the following command

[box]

[root@WebHost ~]# openssl req -newkey rsa:2048 -nodes -keyout www.YourSite.com.key -out www.YourSite.com.csr

[/box]

The CSR Generation process will begin and you will have to answer some questions;

[box]

Generating a 2048 bit RSA private key
.........................................+++
........................+++
writing new private key to 'www.YourSite.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:Teesside
Locality Name (eg, city) [Default City]:Middlesbrough
Organization Name (eg, company) [Default Company Ltd]:YourSite
Organizational Unit Name (eg, section) []:YourSite
Common Name (eg, your name or your server's hostname) []:www.YourSite.com
Email Address []:administrator@YourSite.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:YourSite

[/box]

This will actually create the CSR. Now you need to get the text from the CSR, and send it to your certificate vendor, or sign it with your own CA.

[box]

[root@WebHost ~]# cat www.YourSite.com.csr
-----BEGIN CERTIFICATE REQUEST-----
NIIDKTCCAhECAQAwga4xCzAJBgNVBAYTAkdCMREwDwYDVQQIDAhUZWVzc2lkZTEW
MBQGA1UEBwwNTWlkZGxlc2Jyb3VnaDEUMBIGA1UECgwLUGV0ZU5ldExpdmUxFDAS
BgNVBAsMC1BldGVOZXRMaXZlMRwwGgYDVQQDDBN3d3cucGV0ZW5ldGxpdmUuY29t
MSowKAYJKoZIhvcNAQkBFhtpbmZvcm1hdGlvbkBwZXRlbmV0bGl2ZS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCudW2OhXUnEIpiN2oQnREoZVAn
Cvvb07+7gZb5NgxSSc8pYab3ic6mmEabM3c/m9mLtO3m4ZSTJrU9QC91Vn6PF90K
iqApOfizUnNFEOSJptpcoLxlUWUJF8PZUn9fYZyNhp30QQ3B5ajxc4ML0BB+4Wp2
1sjJzfAvtSsFmUSCEXlJTrWnYkGpZz4dYYRlQgTniY4++M/AG9gL99XuSKcSD5K0
4qr07J9a6AYA0tXJq+yN3EzcLSBkIVDuNv84e+CyXc8RV+BkaRTr/gYGwQU4C+IG
87Lw8GC6P1adUi2mR4GMMbZLPYa14Psao4ZA/Ihk9EFS2xqXQH2AZ2nUGPM7AgMB
AAGgNTAXBgkqhkiG9w0BCQcxCgwIcGFzc3dvcmQwGgYJKoZIhvcNAQkCMQ0MC1Bl
dGVOZXRMaXZlMA0GCSqGSIb3DQEBCwUAA4IBAQAPUo4AVBajrflZQRI8MrRyndpD
s6MqZQwYlrceZVZrut+htS14ZC/GbaPC7gOvxYyS52RSW4UiG3egi6H7NnhqHjR+
Dz859bLKIut3YeCo3sK5+aCxvcGEjA1uduqKg5WFwPj5BvnsIYezq3O5Q4FvfQAy
FElb9snk0sJ6GFYifjeza8+w6CIabUpyl0kyDoAbnjnnyhR0s5/h4L7X3zqaQ0J+
OZVRyj54nLXoFDw1n8pGRb31khlEwDzXvVe9+wreCZ6lLqhDki94Uq5LenqofUlw
MPucqVIA9lgvQ8vjyTWVQYYffMRlAx7g/SdVTIhFBqq7rsh9/XHn7qfXlc4c
-----END CERTIFICATE REQUEST-----
[root@WebHost ~]#

[/box]
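
The interactive run above places a challenge password in the request, and that attribute is carried unencrypted inside the CSR. As an added example (not from the original article), the functions below generate the same kind of CSR non-interactively from a small config file, with Subject Alternative Name entries and no challenge password, create the key readable by its owner only, and then check the result. The function names and the second host name are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive CSR with SAN entries and no challenge password.
# Assumes the openssl CLI is installed; host names are the article's placeholders.

# make_csr FQDN [ALT_NAME...] -> writes FQDN.key and FQDN.csr in the current directory
make_csr() {
    fqdn=$1; shift
    cfg=$(mktemp) || return 1
    {
        echo '[req]'
        echo 'prompt = no'
        echo 'distinguished_name = dn'
        echo 'req_extensions = ext'
        echo '[dn]'
        echo 'C = GB'
        echo 'O = YourSite'
        echo "CN = $fqdn"
        echo '[ext]'
        printf 'subjectAltName = DNS:%s' "$fqdn"
        for alt in "$@"; do printf ', DNS:%s' "$alt"; done
        echo
    } > "$cfg"
    # umask 077 inside a subshell: the private key is created as -rw-------
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$cfg" \
          -keyout "$fqdn.key" -out "$fqdn.csr" 2>/dev/null )
    rc=$?
    rm -f "$cfg"
    return $rc
}

# csr_ok FILE -> succeeds if the request's self-signature verifies
csr_ok() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# csr_sans FILE -> prints the requested SAN list on one line
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# csr_has_challenge FILE -> succeeds if a challengePassword attribute is embedded
# (that attribute travels unencrypted inside the request)
csr_has_challenge() {
    openssl req -in "$1" -noout -text | grep -q 'challengePassword'
}

# Usage: make_csr www.YourSite.com YourSite.com && csr_ok www.YourSite.com.csr
```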


Webmin – Read User Mail Error ‘The mail server in the module configuration was not found on your system’

KB ID 0000885 

Problem

While setting up and configuring a new Postfix mail server, I attempted to use the Webmin ‘Read User Mail’ module, and got this error.

Module Config Read User Mail
The mail server set in the module configuration was not found on your system, You will need to adjust the configuration to use the correct server.

Solution

At first I thought I needed to enter a servername into the config. However it seems when my VPS hosting company provisioned my server it installed sendmail by default, I needed to change it to Postfix instead.

1. Open the link it provides to the Read User Mail module configuration.

2. Scroll down to the system configuration section.

3. Change the Mail server Installed to Postfix.

4. DON’T FORGET to scroll to the bottom and press ‘Save’.


RSS Error – Your feed appears to be encoded as “UTF8”, but your server is reporting “US-ASCII”

KB ID 0000889 

Problem

I don’t validate and check the site’s RSS feed as often as I should, but post server migration I got this error;

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.
Your feed appears to be encoded as “UTF8”, but your sever is reporting “US-ASCII”

Solution

As you can see by the section I’ve indicated above, I can see where the UTF-8 is being set on the page. I just need my server (CentOS with Apache2) to allow it.

1. Edit .htaccess (or create it) in the same directory as the RSS XML file, and add the following lines to the end.

[box]

# Add the UTF-8 Character Set
AddCharset UTF-8 .xml

[/box]

2. Then restart Apache.

[box]

service httpd restart

[/box]


Linux – Enable PHP Short Tags

KB ID 0000886 

Problem

I have a particular web page that uses PHP short tags. Post migration from my old hosting company to a dedicated VPS, this stopped working.

As I know little about Linux, and even less about PHP, I asked the question at Experts Exchange about why it was no longer working. It took no time at all for someone who knew what they were doing to say, “Your code uses ‘Short tags’, but you do not have short tags enabled”.

Solution

How To Enable PHP Short Tags From .htaccess

This would be your approach if you were on a hosted web server, and could not access the server’s PHP configuration. In the ‘Root’ of your website should be a file called .htaccess; you can simply edit this with any text editor (but make sure it does not save with a file extension!).

Add the following lines to the end;

[box]php_value short_open_tag 1
php_value asp_tags 1[/box]

How to Enable Short Tags in PHP

1. Connect to the server via SSH, (or open a terminal session). The file you need to edit is called php.ini. This server is running CentOS, so you should find that file in the /etc/ folder.

2. By default the line you are looking for is 229 (press CTRL+C to show position). Locate the short_open_tag = Off line.

3. Change the entry to ‘On’, and save the changes (CTRL+X and ‘Y’ to save).

4. Restart the web server.

[box]
service httpd restart[/box]


Backing up a Remote Linux Machine With Windows (Using Rsync and Cygwin)

KB ID 0000892 

Problem

The goal here was for me to get a backup of my VPS server (Running CentOS 6). My background is primarily Windows based, so I wanted a solution where I can just run the backup from a Windows machine, (i.e. my laptop) and let it connect, login and perform the backup.

What is Rsync? If you are familiar with Robocopy it’s similar, it can perform a backup/sync of data and encrypt that data while it’s passing over the network. In addition, once the initial sync has been done, the next time you run it, it only replicates the changes. This makes it ideal for backups.

What is Cygwin? Basically it’s a Linux ‘Shell’ that will run on a Windows machine.

Solution

 

Step 1: Install Cygwin on My Windows Client

1. Download Cygwin (URL is on the image below), and install on the machine that will be performing the backups. When prompted accept all the defaults to download from the internet > Accept the install directory C:\cygwin64 > Install for All users > Set the local Package Directory to the Desktop > Internet = Direct Connection > Choose a Download site > Next.

2. When asked to select packages > Expand Net.

3. Select openssh and rsync to be installed.

4. Expand shells > Select bash to be installed. > Complete the installation.

Step 2: Generate SSH Keys in Cygwin

5. Launch Cygwin and generate some SSH Keys.

[box]

ssh-keygen -t rsa -b 2048

KEEP PRESSING ENTER TO ACCEPT THE DEFAULTS, AND HAVE A BLANK PASSPHRASE

[/box]

Step 3: Create a User (On the Remote Linux Host) to Perform Backups

6. Connect to the server via SSH, (or open a terminal session). Logon as, (or su to) root.

[box]

useradd {username} -s /bin/bash
passwd {username}
ENTER AND CONFIRM THE PASSWORD 

[/box]

7. To ensure your user has the correct folders in their home folder, the easiest way is to generate a pair of keys on the remote Linux machine (the same as you did before).

[box]

ssh-keygen -t rsa -b 2048

[/box]

Step 4: Copy the Public SSH Key from the Windows Machine to the Linux Machine

8. Above, Cygwin told us the keys are in /home/{username}/.ssh > Go to that directory and make sure they are there > Make a copy of the id_rsa.pub key > Call the copy authorized_keys > Copy that key to the correct folder on the remote Linux machine (via SCP).

[box]

cd /home/{username}/.ssh
Note: This is the username on the Cygwin machine
ls
CHECK id_rsa.pub IS LISTED
cp id_rsa.pub authorized_keys
ls
CHECK authorized_keys IS LISTED
scp authorized_keys {username}@{Linux Machine's name/IP}:/home/{username}/.ssh

Note The username (above) is the username on the Linux Machine

[/box]

9. Now check we can login to the remote Linux machine, from the Windows machine (without having to provide a password for the user we created). Note: Sometimes you need to do this twice before it will work.

[box]

ssh {username}@{Linux Machine's name/IP}

[/box]

If successful, your prompt should change to that of the remote Linux machine.

10. To return to Cygwin, simply type exit.

Step 5: On the Windows Machine Create a Backup Job

11. On the Windows machine create a folder that will hold the backup files (create it in the C:\cygwin64 folder).

12. Let’s test our backup to that folder. (Note: This does not back any data up, it just performs a ‘dry run’).

[box]

rsync -avzun {username}@{Linux Machine's name/IP}:/ /VPS-Backup

[/box]

Note: Above I’ve chosen the root ‘/’ directory, you may just want to select specific folders to backup e.g.

  • /var/www/ The Default location for Apache’s Website Files.
  • /var/lib/mysql The Default location for MySQL Databases.

Warning: Folder locations may differ depending on the server and how it was setup.

13. Tailor the following, and save it on the Windows machine, in the C:\cygwin64\bin directory as Remote-Server-Backup.sh

[box]

# Remote-Server-Backup.sh
#
# rsync tool to download server data
# from [Remote Linux Server name] to [Windows Backup Machine]
#
# download only those files on [Remote Linux Server name] in
# [server directory]
# Only files that are newer than what is already on the
# [Windows Backup Machine Directory]
#
# Syntax
#
# rsync -avzu [user name]@[Remote Linux Server name]:[server directory] [Windows Backup Machine Directory]
#
# Windows Shortcut Target Should be
# C:\cygwin64\bin\bash.exe --login -i '/bin/Remote-Server-Backup.sh'

rsync -avzu {username}@{Linux Machine's name/IP}:/ /VPS-Backup

[/box]

14. On the Windows machine create a new shortcut.

15. Browse to, and select C:\cygwin64\bin\bash.exe

16. Give it a sensible name > Finish

17. Open the properties of the shortcut and change the Target: to;

[box]

C:\cygwin64\bin\bash.exe --login -i '/bin/Remote-Server-Backup.sh'

[/box]

Note: You may also want to change the icon to the Cygwin one at C:\cygwin64\Cygwin.ico

18. Run the shortcut to perform the backup.

You could (if you wanted), use the Windows scheduler to schedule this for you, but I prefer to do it myself.
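
Steps 2 and 4 leave a passphrase-less private key on the Windows machine and replace the remote user's authorized_keys with the bare public key. As an added example (not from the original article), to be run on the Linux host: it builds an authorized_keys entry that limits that key to one client address with no pty or forwarding, and appends it without overwriting existing entries. The function names, the 192.0.2.10 address and the sample key are constructed.

```shell
#!/bin/sh
# Added example: run on the Linux host as the backup user.
# Builds a restricted authorized_keys entry and appends it safely.

# restricted_entry PUBKEY_FILE CLIENT_ADDR [FORCED_COMMAND]
# Prints one authorized_keys line limiting where the key may connect from
# and what the session may do.
restricted_entry() {
    key=$(head -n 1 "$1") || return 1
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$1 is not an OpenSSH public key" >&2; return 1 ;;
    esac
    opts="from=\"$2\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding"
    if [ -n "$3" ]; then
        opts="$opts,command=\"$3\""
    fi
    printf '%s %s\n' "$opts" "$key"
}

# install_entry SSH_DIR ENTRY
# Appends ENTRY unless already present, keeps existing keys, and sets the
# conventional 700/600 modes on the directory and file.
install_entry() {
    dir=$1; entry=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    if ! grep -qxF -e "$entry" "$dir/authorized_keys"; then
        printf '%s\n' "$entry" >> "$dir/authorized_keys"
    fi
}

# Constructed demo: sample key and address (192.0.2.10 is a documentation range).
demo() {
    work=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLEKEY backup@laptop' > "$work/id_rsa.pub"
    line=$(restricted_entry "$work/id_rsa.pub" 192.0.2.10) &&
        install_entry "$work/.ssh" "$line" &&
        cat "$work/.ssh/authorized_keys"
    rm -rf "$work"
}
demo
```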
