How to install mikoomi plugin of mongodb on the zabbix server

Mongodb mikoomi plugin installation

I used template of mikoomi server side ;
I tested of mongo db 3.0.7 and it works .

https://code.google.com/p/mikoomi/wiki/03

Setup and Configuration

The MongoDB plugin uses the MongoDB PHP driver which needs to be installed on the Zabbix server. For this, install and setup the following packages:

• php5-dev (or php5-devel) = Files for PHP5 module development
• php5-pear = PEAR - PHP Extension and Application Repository
• gcc = GNU C Compiler
• make = make utility

To install the above on a Zabbix appliance, login into the appliance as root (default password = zabbix) and run the following commands:

• yast -i php5-devel
• yast -i gcc
• yast -i php5-pear
• yast -i make

Now install the php MongoDB driver using the instructions at http://us2.php.net/manual/en/mongo.installation.php

In the case of the Zabbix appliance, run the the following pecl command:

• pecl install mongo

After successful installation of the MongoDB driver, you need to "enable" it within php5. Edit the two files /etc/php5/cli/php.ini and /etc/php5/apache2/php.ini and add a line to the "Dynamic Extensions" sections as shown below.

;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;

extension=mongo.so

Ensure that the php MongoDB driver is setup and configured properly by testing out one of the sample php programs for MongoDB driver (http://us2.php.net/manual/en/mongo.tutorial.php).

Dowload template and script files;

http://mikoomi.googlecode.com/svn/plugins/MongoDB%20Plugin/

[root@zabbix ~]# grep ExternalScripts /etc/zabbix/zabbix_server.conf
You have to Change to mikoomi of shell script file of about the externalscirpt .
And all of scripts are download at the externalscirpt directory.
And delete the word of "shift" . If you don't delete, your script doesn't work.

Next open up a browser and download the MongoDB Zabbix template. Now login to the Zabbix frontend (user = admin, password = zabbix).

Navigate as follows:

Configuration >> Templates
Click on the "Import Template" button on the top right-hand corner
In the "Import file" dialog box, browse/search/enter the filename of the Zabbix template that was downloaded
Upload the template




Now you are ready to start monitoring your MongoDB servers !




If you have any question please leave comments.

Haproxy Transparent Mode on Centos 7

Haproxy Transparent Mode on Centos 7

 HAProxy can’t do transparent binding or proxying alone. It must stand on a compiled and tuned Linux Kernel and operating system.

But Centos 7 supported haproxy transparent mode.

Step by step configuration; 

1. sysctl settings
2. iptables rules
3. ip route rules
4. HAProxy configuration

Step 1 is Sysctl serttings;

 – net.ipv4.ip_forward
  – net.ipv4.ip_nonlocal_bind

# echo 1 > /proc/sys/net/ipv4/ip_forward

# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind

Step 2 is iptables rules;

#iptables -F -t mangle
#iptables -F
#iptables -F -t nat
#iptables -t mangle -N DIVERT
#iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
#iptables -t mangle -A DIVERT -j MARK --set-mark 1

#iptables -t mangle -A DIVERT -j ACCEPT

Step 3 is ip route rules;
tell the Operating System to forward packets marked by iptables to the loopback where HAProxy can catch them:
#ip rule add fwmark 1 lookup 100

#ip route add local 0.0.0.0/0 dev lo table 100

Step 4 is haproxy configuration;
Finally, you can configure HAProxy.
  * Transparent binding can be configured like this:
frontend App_in
        bind ipofhaproxy:10421 transparent

        mode tcp

backend App_out

        mode tcp

        log global

        source 0.0.0.0 usesrc clientip

        balance roundrobin

        server backend1 ipofbackend01:10421 check

        server backend2 ipofbackend02:10421 check

Note: When you reboot the server ,ip rules will be delete.

Bash script will help you ;)

#!/bin/bash

iptables -F

iptables -F -t nat

iptables -t mangle -N DIVERT

iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A DIVERT -j MARK --set-mark 1

iptables -t mangle -A DIVERT -j ACCEPT

ip rule add fwmark 1 lookup 100

ip route add local 0.0.0.0/0 dev lo table 100

Puppet kurulumu ve ayarları

Puppet

Puppet bir sistem otomasyon aracıdır.

Örnek vermek gerekirse 10 tane sunucuyu kurup yönetmek kolay ve zahmetsiz görülebilir, konfiurasyon dosyalarını tek tek düzenleyebilirsiniz .

Bu sayı artış göstermeye başladığı zaman bir süre sonra sorunlar ve zorluklar çekmeye başlayabilirsin Böyle durumlar da imdada  puppet yetişiyor ve bir çok külfetten kurtulmuş oluyorsunuz.

Kurulum için ihtiyaç listesi :))
VirtualBox,
Debian 7.6 netinstall,

Puppet master ve agent tarafında yapılması gerekenler;

Dns adlarını lokal de yaptığımız için hosts dosyası içine eklemek ve makina adları ile ping attığına emin olmak.
Puppet Master ;
#nano /etc/hosts
127.0.0.1       localhost
127.0.1.1       deb7.6  deb7
10.1.0.172      puppetagent

Puppet Agent;
#nano /etc/hosts
127.0.0.1       localhost
127.0.1.1       deb7.6  deb7
10.1.0.171      puppetmaster

Ntp kurmamız şart değil bu test için manual olarakta aynı nette ki ntp serverlardan eşitlersini fakat gerçek zamanlı olarak sisteminize entegre etmeniz gerekiyorsa bi time server şart ve master agent ilişkisin de zamanların birbirini tutması gerekli.

Puppet Master Kurulumu;

Puppet Master ;

# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb

#dpkg -i puppetlabs-release-trusty.deb

#apt-get update

#apt-get install puppetmaster-passenger

Peki neden puppet passenger kurduk onu bir anlatayım.

Passenger kurduğumuz da processler apache tarafından kontrol ediliyor yani apache çalışıyorsa puppet da çalışıyor demektir.

Sertifikaları silelim.

#rm -rf /var/lib/puppet/ssl

Puppetın temel konfigurasyonunu yapalım;

#/etc/puppet/puppet.conf

[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY

Buna ek olarak "certname = puppet" kısmını da main'in altına yazmamız gerekli ve fqdn girmemiz gerekli main altına "dns_alt_names = puppet, puppetmaster".

Kaydet ve çık.

Şimdi ssl cert generate edelim .
#puppet master --verbose --no-daemonize
Aşağıda ki gibi bir output vermesi gerekli;

Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): EC:7D:ED:15:DE:E3:F1:49:1A:1B:9C:D8:04:F5:46:EF:B4:33:91:91:B6:5D:19:AC:21:D6:40:46:4A:50:5A:29
Notice: Signed certificate request for ca
...
Notice: Signed certificate request for puppet
Notice: Removing file Puppet::SSL::CertificateRequest puppet at '/var/lib/puppet/ssl/ca/requests/puppet.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet at '/var/lib/puppet/ssl/certificate_requests/puppet.pem'
Notice: Starting Puppet master version 3.6.2

Eğer bakmak isterseniz şöyle bir sertifikaya .
#puppet cert list -all

Aşağıda ki şekil de bir dosya oluşturalım , bu dosya hostların kurulum ve ayarlarını nasıl olacağını belirlediğimiz yer.

Son olarak ;
#service apache2 restart

Puppet Agent;

# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb

#dpkg -i puppetlabs-release-trusty.deb

#apt-get update

#apt-get install puppet

Aşağıda açtığımız dosyada ki değeri "yes" olarak değiştiriyoruz.

#nano /etc/default/puppet

START = yes

Agentın ayarlarını yapalım.

#nano /etc/puppet/puppet.conf

Template ve master kısmını siliyoruz.

[Agent]

Server=puppetmaster

#service puppet start

Puppet master;

Agentdan gelen isteği onaylamak için puppet master da sertifikayı imzalıyoruz.

#puppet cert list

"puppetagent.local"(SHA256) B1:96:ED:1F:F7:1E:40:53:C1:D4:1B:3C:75:F4:7C:0B:A9:4C:1B:5D:95:2B:79:C0:08:DD:2B:F4:4A:36:EE:E3

#puppet cert sign puppetagent.local

sertifikayı kaldırmak için ;

#puppet cert clean "hostadı"

Puppet agenta geçip agent tarafını test etmek için ;

#puppet agent --test

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Caching catalog for hostadı
Info: Applying configuration version '1407966707'

Sistem testi için ;

#nano /etc/puppet/manifests/site.pp
file {'/tmp/example-ip':                                            # resource type file and filename
  ensure  => present,                                               # make sure it exists
  mode    => 0644,                                                  # file permissions
  content => "Here is my Public IP Address: ${ipaddress_eth0}.\n",  # note the ipaddress_eth0 fact
}
Agent tarafını test ettiğimiz de;
#cat /tmp/example-ip
Here is my Public IP Address: 128.131.192.11.

OpenStack Icehouse Kurulumu Ubuntu 12.04 part 2

Kaldığımız yerden devam edelim ;)

Open stack services

#apt-get install python-pip

#apt-get install python-novaclient

Image services (Glance)
#apt-get install glance python-glanceclient
#nano /etc/glance/glance-api.conf
#nano /etc/glance/glanceregistry.conf
[database]
connection = mysql://glance:glance@Controller/glance
#
#nano /etc/glance/glance-api.conf
[DEFAULT]
...
rpc_backend = rabbit
rabbit_host = Controller
rabbit_password = RABBIT_PASS

# rm /var/lib/glance/glance.sqlite
#mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';

# su -s /bin/sh -c "glance-manage db_sync" glance

#keystone user-create --name=glance --pass=glance \
--email=glance@example.com

#keystone user-role-add --user=glance --tenant=service --role=admin

#nano /etc/glance/glance-api.conf
#nano /etc/glance/glance-registry.conf

[keystone_authtoken]
auth_uri = http://Controller:5000
auth_host = Controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS

[paste_deploy]
flavor = keystone

#keystone service-create --name=glance --type=image \
--description="OpenStack Image Service"

#keystone endpoint-create \
--service-iid=$(keystone service-list | awk '/ image / {print $2}') \
--publicurl=http://Controller:9292 \
--internalurl=http://Controller:9292 \

--adminurl=http://Controller:9292

#service glance-registry restart ; service glance-api restart

Image Service installation

#mkdir /tmp/images

#cd /tmp/images/

wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img

#glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 \

--container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img

#glance image-list

webden direkt olarak image yüklemek için.
#glance image-create --name="cirros-0.3.2-x86_64" --disk-format=qcow2 \
--container-format=bare --is-public=true \
--copy-from http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img

Install Compute controller services
#apt-get install nova-api nova-cert nova-conductor nova-consoleauth \

nova-novncproxy nova-scheduler python-novaclient

#nano /etc/nova/nova.conf
rpc_backend = rabbit
rabbit_host = Controller
rabbit_password = rabbit
connection = mysql://nova:nova@Controller/nova
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11

## rm /var/lib/nova/nova.sqlite
#mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';

# su -s /bin/sh -c "nova-manage db sync" nova
# keystone user-create --name=nova --pass=NOVA_PASS --email=nova@example.
com
#keystone user-role-add --user=nova --tenant=service --role=admin
#nano /etc/nova/nova.conf
[DEFAULT]
...
auth_strategy = keystone
auth_uri = http://Controller:5000
auth_host = Controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
#
#nano /etc/nova/api-paste.ini
auth_uri = http://Controller:5000
auth_host = Controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS

#keystone service-create --name=nova --type=compute \
--description="OpenStack Compute"
#
#keystone endpoint-create \
--service-id=id=$(keystone service-list | awk '/ compute / {print $2}') \
--publicurl=http://Controller:8774/v2/%\(tenant_id\)s \
--internalurl=http://Controller:8774/v2/%\(tenant_id\)s \
--adminurl=http://Controller:8774/v2/%\(tenant_id\)s

#service nova-api restart ; service nova-cert restart ;service nova-consoleauth restart ; service nova-scheduler restart ; service nova-conductor restart ;service nova-novncproxy restart

#nova image-list

Nfdump ,Nfsen installation and configuration

NFDUMP

Os: Debian wheezy 7.5

#apt-get install gcc flex librrd-dev make byacc flex autoconf

#cd  /opt

# wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.12/nfdump-1.6.12.tar.gz/download

#tar xzvf nfdump-1.6.12.tar.gz

#cd /nfdump-1.6.12

# ./configure --enable-nfprofile --enable-nftrack --enable-sflow

#make

#make install

NFSEN

# apt-get install apache2 libapache2-mod-php5 php5-common libmailtools-perl rrdtool librrds-perl

#cd /opt

#wget http://heanet.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz

#tar xzvf nfsen-1.3.6p1.tar.gz

#cd nfsen-1.3.6p1/

#cp etc/nfsen-dist.conf /etc/nfsen.conf

# mkdir -p /data/nfsen

#nano /etc/nfsen.conf

[..]
$BASEDIR = "/data/nfsen";
[..]
$PREFIX  = '/usr/local/bin';#nfdump tools location
[..]
$USER    = "www-data";
[..]
$WWWUSER  = "www-data";
$WWWGROUP = "www-data";
[..]
%sources = (
 'for-Cisco' => {'port'=>'9995','col'=>'#0000ff','type'=>'netflow'},

 'for-Hp&Juniper' => {'port'=>'9996','col'=>'#0000ff','type'=>'sflow'},

);
[..]
$MAIL_FROM   = 'youraccount@yourdomain.ext';
$SMTP_SERVER = 'yoursmtphost.yourdomain.ext';
[..]

# perl -MCPAN -e 'install Socket6'

#which perl

/usr/bin/perl

# ./install.pl /etc/nfsen.conf

Script Ask a question about the perl location , 'which perl' is help you ;)

#cd /data/nfsen/bin/

#./nfsen start

For startup 

#ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen

#update-rc.d nfsen defaults 20

#ln -s /var/www/nfsen/nfsen.php /var/www/nfsen/index.php

Open browser and http://nfsen-nfdump-ip/nfsen/

If you have an error like this '“Frontend – Backend version missmatch!”'

http://sourceforge.net/p/nfsen/mailman/message/28748240/

or

#nano /var/www/nfsen/nfsen.php

// Session check
-if ( !array_key_exists('backend_version', $_SESSION ) || $_SESSION['backend_version'] !=  $expected_version ) {
+if ( array_key_exists('backend_version', $_SESSION ) && 
+$_SESSION['backend_version'] !=  $expected_version ) {
        session_destroy();
        session_start();
        $_SESSION['version'] = $expected_version;}

###

If you have an error about the 'service nfsen start/stop/reconfig'

Reconfiguring /usr/share/nfsen/bin/nfsen: Subroutine Lookup::pack_sockaddr_in6 redefined at /usr/share/perl5/Exporter.pm line 67.
at /usr/share/nfsen/libexec/Lookup.pm line 43
Subroutine Lookup::unpack_sockaddr_in6 redefined at /usr/share/perl5/Exporter.pm line 67.
at /usr/share/nfsen/libexec/Lookup.pm line 43
Subroutine Lookup::sockaddr_in6 redefined at /usr/share/perl5/Exporter.pm line 67.
at /usr/share/nfsen/libexec/Lookup.pm line 43
Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/share/perl5/Exporter.pm line 67.
at /usr/share/nfsen/libexec/AbuseWhois.pm line 42
Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/share/perl5/Exporter.pm line 67.
at /usr/share/nfsen/libexec/AbuseWhois.pm line 42
Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/share/perl5/Exporter.pm line 67.
at /usr/share/nfsen/libexec/AbuseWhois.pm line 42
Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/share/nfsen/libexec/AbuseWhois.pm line 44
Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/share/nfsen/libexec/AbuseWhois.pm line 44

Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/share/nfsen/libexec/AbuseWhois.pm line 44

###

/data/nfsen/libexec/AbuseWhois.pm

/data/nfsen/libexec/Lookup.pm

Change :
use Socket6;

with

Socket6->import(qw(pack_sockaddr_in6 unpack_sockaddr_in6 inet_pton getaddrinfo));

It will work fine ;)