Saturday, August 23, 2014

Netdisco2 on Ubuntu 14.04

Netdisco is a neat tool that collects the layer-2 forwarding database (MAC address tables) from switches, matches those MACs against the layer-3 ARP table from routers, and presents the result in a searchable web UI.

The old "Netdisco 1" was quite horrible to set up, but it did its job. "Netdisco 2" was released recently, making the admin's life much easier and also bringing a fancy new look to the web UI.

So here are my notes on installing a new virtual machine with Netdisco 2.



# Install Ubuntu 14.04.2 LTS Server x64 with defaults

# After install login and switch to root
sudo su -

# Update system
apt-get update
apt-get -y dist-upgrade

# Add some basic tools we like (curl is needed later for the cpanm bootstrap)
apt-get -y install openssh-server open-vm-tools build-essential joe wget curl screen lftp mtr-tiny zip ntp

# Get rid of spyware
apt-get -y remove popularity-contest

# Disable IPv6 support on next reboot
echo "net.ipv6.conf.all.disable_ipv6=1" >>/etc/sysctl.conf


# Install a caching DNS server to reduce and speed up the (mostly reverse) DNS lookups Netdisco does while it runs
apt-get -y install dnsmasq

# Generate config file for dnsmasq
cat <<'__EOF__' >/etc/dnsmasq.d/custom.conf
neg-ttl=180
max-ttl=600
all-servers
domain-needed
bogus-priv
filterwin2k
server=8.8.8.8
server=8.8.4.4
server=208.67.222.222
server=208.67.220.220
interface=lo
__EOF__

# Remove the resolvconf package, which would otherwise keep rewriting /etc/resolv.conf
apt-get -y remove resolvconf
# On 14.04 /etc/resolv.conf is a symlink into /run/resolvconf; replace it with a regular file
rm -f /etc/resolv.conf

# Resolver settings: local dnsmasq first, with Google and OpenDNS as fallback.
# The fallback entries are only consulted when dnsmasq does not answer within the timeout.
# Normally I wouldn't use OpenDNS but I'm giving them a new chance now that they have stopped
# hijacking NXDOMAIN responses.
cat <<'__EOF__' >/etc/resolv.conf
search asiantuntijakaveri.fi
options timeout:5
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 208.67.222.222
__EOF__

# Don't let /etc/network/interfaces push dns-* settings into resolv.conf either
sed -i.bak -e 's|dns-|#dns-|g' /etc/network/interfaces

# Restart dnsmasq so our changes are activated
service dnsmasq restart


# Install Netdisco deps
apt-get -y install libdbd-pg-perl libsnmp-perl postgresql pgtune fping

# PostgreSQL configuration for better performance; the defaults are sized for a Pentium Pro at 200MHz
mv /etc/postgresql/9.3/main/postgresql.conf /etc/postgresql/9.3/main/postgresql.conf.old
pgtune -i /etc/postgresql/9.3/main/postgresql.conf.old \
  -o /etc/postgresql/9.3/main/postgresql.conf

# Restart so the new settings are actually loaded (pgtune only writes the file)
service postgresql restart

# Switch to the postgres user and create a dedicated SQL role (no createdb, no createrole, no superuser)
su - postgres
createuser -DRSP netdisco
# You are prompted for a password here; it goes into deployment.yml below
createdb -O netdisco netdisco

# Switch back to root
exit


# Netdisco install based on instructions from
# https://metacpan.org/pod/App::Netdisco#Installation

# Add new user account for Netdisco
adduser netdisco --shell /bin/bash --disabled-password --gecos netdisco

# Switch to the netdisco user and install the required Perl modules under the user's home dir.
# This pipes a downloaded script straight into perl, so fetch it over HTTPS at least
# (or download it to a file and read it before running it).
su - netdisco
curl -L https://cpanmin.us/ | perl - --notest --local-lib ~/perl5 App::Netdisco

# Create some links
mkdir ~/bin
ln -s ~/perl5/bin/{localenv,netdisco-*} ~/bin/

# Test install
~/bin/netdisco-daemon status

# Config dir
mkdir -p ~/environments/

# Create the config file with your PostgreSQL username and password, default SNMP communities etc.
# See the examples in ~/perl5/lib/perl5/auto/share/dist/App-Netdisco/environments/deployment.yml
# Replace the password and communities below with your own values.
cat <<'__EOF__' >~/environments/deployment.yml
database:
  name: 'netdisco'
  user: 'netdisco'
  pass: 'S3cretForYouAndMe'
safe_password_store: true
snmp_auth:
  - tag: 'default_1'
    community: 'notsopublic'
    read: true
    write: false
  - tag: 'default_2'
    community: 'public'
    read: true
    write: false
schedule:
  discoverall:
    when: '5 1,7,13,19 * * *'
  macwalk:
    when: '35 1,7,13,19 * * *'
  arpwalk:
    when: '45 1,7,13,19 * * *'
  nbtwalk:
    when: '55 1,7,13,19 * * *'
  expire:
    when: '15 23 * * *'
dns:
  max_outstanding: 50
workers:
  tasks: 'AUTO * 5'
__EOF__

# The file holds the database password and SNMP communities: make it readable by netdisco only
chmod 600 ~/environments/deployment.yml

# Build initial database
# You will be asked for webui admin credentials etc.
~/bin/netdisco-deploy
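The database password typed at `createuser -DRSP` above and the `pass:` value in deployment.yml have to be the same string, and the file that stores it should not be world-readable. The script below is an added example, not part of the original post: it generates the secrets once, writes deployment.yml with mode 0600 from the first byte, and emits the matching `ALTER ROLE` statement so the role and the config can never disagree. It assumes the database and role are both called `netdisco` as above; the helper names (`gen_secret`, `role_sql`, `write_deployment_yml`, `file_mode`) are my own.

```shell
#!/bin/bash
# Added example (not from the original post): create the Netdisco secrets once and use the
# same value everywhere it must agree (the SQL role password and deployment.yml), and make
# sure the config file holding them is readable by the netdisco user only.
# Assumptions: DB and role are both called "netdisco" as above; helper names are my own.
set -eu

# Random alphanumeric secret of the requested length (default 24). Alphanumeric only, so the
# value needs no escaping inside the YAML single quotes or the SQL string literal below.
gen_secret() {
    head -c 96 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-"${1:-24}"
}

# SQL that sets the netdisco role password to the value we put in deployment.yml.
# Run it as the postgres user, e.g.:  role_sql "$dbpass" | sudo -u postgres psql
role_sql() {
    printf "ALTER ROLE netdisco WITH PASSWORD '%s';\n" "$1"
}

# Write deployment.yml for the given DB password and read-only SNMP community.
# umask 077 makes the file 0600 from its first byte; the chmod also covers an existing file.
write_deployment_yml() {
    path=$1; dbpass=$2; community=$3
    ( umask 077
      cat >"$path" <<EOF
database:
  name: 'netdisco'
  user: 'netdisco'
  pass: '$dbpass'
safe_password_store: true
snmp_auth:
  - tag: 'default_1'
    community: '$community'
    read: true
    write: false
EOF
    )
    chmod 0600 "$path"
}

# Octal permission bits of a file, e.g. "600" (GNU stat, as on Ubuntu)
file_mode() {
    stat -c '%a' "$1"
}

# Demo run into a temporary directory; for real use point it at ~/environments/deployment.yml
demo() {
    dir=$(mktemp -d)
    dbpass=$(gen_secret 24)
    community=$(gen_secret 16)
    write_deployment_yml "$dir/deployment.yml" "$dbpass" "$community"
    echo "wrote $dir/deployment.yml with mode $(file_mode "$dir/deployment.yml")"
    echo "now run as postgres: $(role_sql "$dbpass")"
}
demo
```

The SNMP community generated here is only useful if you also configure it on the switches; the `public` fallback entry from the page's config is deliberately left out of this file. Keep the schedule, dns and workers sections from the original deployment.yml if you adopt this writer.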

# Create script to start Netdisco
cat <<'__EOF__' >~/run-netdisco.sh
#!/bin/bash
~/bin/netdisco-web start
sleep 5
~/bin/netdisco-daemon start
__EOF__
chmod a+x ~/run-netdisco.sh

# Launch it
~/run-netdisco.sh

# Verify with a browser by opening http://netdisco.foo.bar:5000/
# netdisco-web listens on port 5000 on all interfaces and speaks plain HTTP, so the admin
# password crosses the network in the clear: keep it on the management LAN or front it with a TLS proxy.
# Login using the admin account just created.
# Enter the IP of a switch or router to add and click Discover.
# With working SNMP communities and LLDP/CDP enabled it should discover the entire site straight away.

# Return to root shell
exit

# Autostart Netdisco after reboot. This replaces the stock /etc/rc.local, so write a complete
# script with the shebang and the final "exit 0" the init system expects (we are root already,
# so su is enough; no sudo needed).
cat <<'__EOF__' >/etc/rc.local
#!/bin/sh -e
su - netdisco -c '/home/netdisco/run-netdisco.sh' &
exit 0
__EOF__
chmod 755 /etc/rc.local


# The following steps are needed only if you don't have SNMP read access to the upstream router
# but do have a Linux server in the subnet you want to monitor.

# Enable local SNMP server
apt-get -y install snmpd
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.old
cat <<'__EOF__'>/etc/snmp/snmpd.conf
rocommunity notsopublic
sysservices 79
agentaddress 127.0.0.1
# listens on the lo interface only, assuming this is the same host Netdisco runs on
__EOF__

# Fix logging, otherwise syslog is flooded with bogus errors: "-LS6d" limits syslog output
# to priority 6 (info) and more severe on the daemon facility, instead of the default "-Lsd"
sed -i.bak -e 's|Lsd|LS6d|g' /etc/default/snmpd

# Restart snmp
service snmpd restart
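Both dnsmasq above (`interface=lo`) and this snmpd (`agentaddress 127.0.0.1`) are meant to answer this host only, and the quickest way to get that wrong is a typo in either file. The following is an added example, not from the original post, that checks what is actually bound by parsing `ss -nul` output; it is written for any UDP port rather than just 53 and 161, and it accepts both the old `*:161` / `:::161` and the newer `0.0.0.0:161` / `[::]:161` address forms. The function names are mine and the sample listing is constructed, not captured from the VM.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that dnsmasq (53) and snmpd (161)
# are bound to loopback only, by reading `ss -nul` output. Function names are my own.
set -eu

# Read `ss -nul`-style lines on stdin and print every local UDP socket on the given port
# whose address is not loopback. Prints nothing when the port is loopback-only.
exposed_udp_listeners() {
    awk -v port="$1" '
        $1 == "State" || $1 == "Netid" { next }              # header line
        {
            # with a Netid column (ss -tul) the local address is field 5, otherwise field 4
            addr = ($1 == "udp" || $1 == "tcp") ? $5 : $4
            p = addr; sub(/.*:/, "", p)                       # port after the last colon
            h = addr; sub(/:[^:]*$/, "", h)                   # everything before it
            if (p != port) next
            if (h == "127.0.0.1" || h == "::1" || h == "[::1]") next
            print addr
        }'
}

# Live check for one port on this host; returns 1 and prints the offending sockets
# if anything other than loopback is bound.
check_loopback_only() {
    exposed=$(ss -nul | exposed_udp_listeners "$1")
    if [ -n "$exposed" ]; then
        printf 'port %s is bound outside loopback:\n%s\n' "$1" "$exposed" >&2
        return 1
    fi
    printf 'port %s: loopback only\n' "$1"
}

# Constructed sample (not real output from the VM): snmpd is fine, dnsmasq is on the wildcard
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      127.0.0.1:161      0.0.0.0:*
UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
UNCONN 0      0      [::]:53            [::]:*
UNCONN 0      0      0.0.0.0:68         0.0.0.0:*'

printf '%s\n' "$SAMPLE" | exposed_udp_listeners 161    # prints nothing
printf '%s\n' "$SAMPLE" | exposed_udp_listeners 53     # prints 0.0.0.0:53 and [::]:53
```

On the box, run `check_loopback_only 161 && check_loopback_only 53` after the restarts. Expect dnsmasq to be flagged as in the sample: `interface=lo` on its own still binds the wildcard address and merely discards queries that arrive on other interfaces, so if you want the socket itself confined to loopback add `bind-interfaces` to /etc/dnsmasq.d/custom.conf and restart dnsmasq. Repeat the check with `ss -ntl` for dnsmasq's TCP port 53.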

# Without SNMP read access to the ISP router we must keep the local ARP table populated
# ourselves: ping the whole subnet so the local snmpd has something to serve to arpwalk.
# (Replace 11.22.0.0/23 with the subnet you monitor.)
fping -g 11.22.0.0/23 -b 24 -c 1 -B 1 -p 25 -q -r 1 -t 100

# Discover 127.0.0.1 via Netdisco webui next

# Schedule fping to run one minute before arpwalk (45 past the hour in deployment.yml above).
# /etc/crontab is the system crontab, so every line needs the user field before the command.
cat <<'__EOF__' >>/etc/crontab
44 1,7,13,19 * * * root fping -g 11.22.0.0/23 -b 24 -c 1 -B 1 -p 25 -q -r 1 -t 100 >/dev/null 2>&1
__EOF__

# Restart cron
service cron restart


# Now would be a good time to restart the server so all changes are applied and to make sure
# Netdisco comes up after boot.
reboot


# Later, to install Netdisco updates
# (take a backup first, of course)

# Switch to netdisco user
sudo su - netdisco

# upgrade Netdisco
~/bin/localenv cpanm --notest App::Netdisco

# apply database schema updates
~/bin/netdisco-deploy

# restart web service
~/bin/netdisco-web restart

# restart job daemon
~/bin/netdisco-daemon restart

2 comments:

  1. Hello,

    I have followed these steps, and when I do the "netdisco-deploy" I am getting the following error:

    netdisco@ubuntu:~$ ~/bin/netdisco-deploy
    Modification of a read-only value attempted at /home/netdisco/perl5/lib/perl5/Dancer/Config.pm line 237.
    BEGIN failed--compilation aborted at /home/netdisco/perl5/lib/perl5/App/Netdisco/Configuration.pm line 4.
    Compilation failed in require at /home/netdisco/perl5/lib/perl5/App/Netdisco.pm line 8.
    BEGIN failed--compilation aborted at /home/netdisco/perl5/lib/perl5/App/Netdisco.pm line 8.
    Compilation failed in require at /home/netdisco/bin/netdisco-deploy line 39.
    BEGIN failed--compilation aborted at /home/netdisco/bin/netdisco-deploy line 39.

    Do you have any idea what could be wrong?

    Thanks in advance.
    Javier

  2. Hi,
    Just in case someone hits the same problem as me, there is a regression in the Dancer class. This command did the trick:

    ~/bin/localenv cpanm --force http://cpan.metacpan.org/authors/id/Y/YA/YANICK/Dancer-1.3126.tar.gz

    Regards,
    Javier
