05 febrero 2011

Instalar agentes de Fujitsu Server View en ESX

Proceso step-by-step para instalar los agentes de la aplicacion de gestion de servidores de Fujitsu "Server View" en sistemas operativos RedHat y por defecto tambien en ESX.
Lo que parece muy razonable es tener que deshabilitar el firewall para permitir que esta aplicacion nos reporte info sobre el hardware en el que se instale el ESX...¿no? El motivo es por el bloqueo de los traps de SNMP que necesita el agente, si el firewall los bloquea toca deshabilitarlo o crear una regla/excepcion que permita las iptables el paso de este trafico.




En tres pasos:
Step1- Installing the ServerView Agents
Step2 - Configuring the ServerView Agents
Step3 - Disabling the firewall

Enabling the Linux SNMP Service

Before you install the ServerView (sub) Agents you need to make sure the Linux SNMP Agent is installed (net-snmp).

When this is installed the Service is not automatically enabled.


Login as root, and on the command line type:

Type: chkconfig -- list | grep snmpd

The output of this command lists the snmpd service and the Linux run levels when it is active.

As most of the run levels are set to ‘off’ you will need to enable it.

Type: chkconfig snmpd on

Type: chkconfig -- list | grep snmpd again to see the change.

This has not started the service, only set the service to activate after the Server is rebooted.

To start the service immediately type:

service snmpd start



Installing the ServerView Agents

Insert the ServerStart Linux Update CD into the Server and type:

mount /dev/cdrom

This will mount the CD under /mnt/cdrom (On some variants of linux it may mount it under /media)

Move to the following directory /mnt/cdrom/Software/ServerView/ [O/S] /Agents

Create a new directory on the hard disk:

(for example) mkdir /home/ServerView

And copy the files into it.

cp * /home/ServerView

change to that directory (cd /home/ServerView) and install the following files in this order.

rpm –ivh srvmagt-mods*

This may ask you to run a buildscript that can not be run in the background. Type the line in as it has been provided to complete the install.

rpm –ivh srvmgt-eecd*

rpm –ivh srvmagt-agents*



Configuring the ServerView Agents

The following is provided to give you some guidelines on how to get ServerView up and running in case of difficulty.
However the following does leave the security wide open, so please take that into consideration.


You need to edit two files:

/etc/snmp/snmpd.conf (Sets up the Linux SNMP service to allow SNMP traffic to ServerView)
/etc/srvmagt/config (permissions of the ServerView agents to allow changes such as shutdowns)

Open each of these files in turn with the editor of choice and make the following changes:



/etc/snmp/snmp.conf (the lines that have been changed/added are highlighted)

First you should (comment out) using hash (#) any lines starting with com2sec
(This will ensure there is no conflicting setting when you add the following lines)

Place at the bottom of the file

# Sample snmpd.conf containing VMware MIB module entries.
# This is a simple snmpd.conf that may help you test SNMP.
# It is not recommended for production use. Consult the
# snmpd.conf(5) man pages to set up a secure installation.

syscontact root@localhost (edit snmpd.conf)

syslocation room1 (edit snmpd.conf)

#rocommunity public

#trapcommunity public

trapsink localhost

# VMware MIB modules. To enable/disable VMware MIB items

# add/remove the following entries.

dlmod SNMPESX /usr/lib/vmware/snmp/libSNMPESX.so

com2sec svSec localhost public
com2sec svSec 192.168.0/24 public
group svGroup v1 svSec
view svView included .1
access svGroup "" any noauth exact svView svView none




/etc/srvmagt/config (the lines that have been changed/added are highlighted)



#ident "@(#)$Header$"

################### Permissions ######################
AgentPermission=3
AgentShut=3
NoAccountCheck=1
UserGroup=bin
###################### Times #########################
ShutdownDelay=0
###################### Other #########################
ExpectMylex=$EXPECT_MYLEX
ScanTapeDevices=0
logrotate=0
######################################################


The host should now be manageable in ServerView S2.

Disabling the firewall
If you find that ServerView will not connect then it may be the firewall which is blocking the SNMP traffic.

To test (in a safe environment) try disabling the firewall.

RedHat / VMware uses a firewall service called ‘firewall’ and or iptables

Type: chkconfig firewall off (to disable in the different run levels)
chkconfig iptables off

Type: service firewall stop (to stop it)
service iptables stop

Finally restart the SNMP service to include all the changes you have just made.

Type: service snmpd restart

If you are patient (SNMP is a low priority service), then you should see the new host become manageable in ServerView S2.

If this has worked you should now look at configuring the firewall to allow SNMP traffic.
(Under VMWare this done in the VMWare admin Console).

To run the Agents with the firewall enabled you will need to enable the following ports:
Incoming packets on port 161 (service: snmp) for the protocols tcp and udp should be accepted.
For sending traps outgoing packets on port 162 (service: snmptrap) for protocol tcp should be allowed

No hay comentarios:

Publicar un comentario