Installation Guide - Red Hat Enterprise Linux
Before you start
- For supported Red Hat Enterprise Linux releases please refer to platforms.
- Please ensure perl 5.8.8-15.el5_2.1 or newer is installed to resolve a performance problem.
Planning
See our design notes for further information on planning for separate database servers, disk partitioning and security.
SELinux
Opsview is not currently compatible with Security-Enhanced Linux extensions, this must be disabled.
Edit /etc/selinux/config and restart system:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. # SELINUXTYPE=targeted
Preparation
Prerequisites
See the installation prerequisites information to setup users, groups and MySQL.
Redhat repositories
For RHEL6 the Red Hat Optional Server 6
repositories must be enabled via RHN.
- Log in
- Select RHEL6 system name
- Alter channel subscription to include “RHEL Server Optional (v. 6 for xx-bit)”
Alternatively, you can run the command (depending on your architecture):
rhn-channel --add --channel="rhel-x86_64-server-optional-6" -u rhn-username -p rhn-password rhn-channel --add --channel="rhel-i386-server-optional-6" -u rhn-username -p rhn-password
Dependencies
Opsview depends on libmcrypt
being installed.
RHEL5 x86-64:
rpm -iv http://dl.fedoraproject.org/pub/epel/5/x86_64/libmcrypt-2.5.7-5.el5.x86_64.rpm
RHEL6 x86-64:
rpm -iv http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-2.5.8-9.el6.x86_64.rpm
Opsview repositories
Then, use your favourite editor to create the file /etc/yum.repos.d/opsview.repo
containing the following lines:
[opsview] name = Opsview baseurl = http://downloads.opsview.com/opsview-core/latest/yum/rhel/$releasever/$basearch enabled = 1 protect = 0 gpgcheck = 0
Installation
Once the repositories have been updated to include the Opsview yum repository, the latest release of Opsview can be installed by running the following command as root.
yum install opsview
Note: if rrdtool is > 1.3, then you will also need to install
- dejavu-lgc-fonts
After the installation is complete
After the Opsview packages have been installed, it is necessary to configure Opsview and its databases.
1. Ensure the MySQL root password has been set to a known value:
mysqladmin -u root password {password}
If you get an error like:
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'
Then mysql has not been started. Start it with
/etc/init.d/mysqld start
and ensure it is set to start at boot time with chkconfig –level 345 mysqld on
.
See the Mysql setup page for more general mysql settings.
2. Ensure the nagios user's environment is set up correctly. Opsview will try to set the correct profile, but check that the following line is in the profile script, depending on your shell (e.g. .profile
for bourne or korn shell, .bash_profile
or .bashrc
for bash shell):
test -f /usr/local/nagios/bin/profile && . /usr/local/nagios/bin/profile
3. The rest of the steps should be performed as the nagios
user
su - nagios
4. Edit the opsview configuration file and amend the password as you see fit to secure the system (those passwords that should be changed as they are set to changeme by default). Note that any service checks for MySQL systems will also require the default password of changeme to be amended.
Note: Do not use any funny shell characters in the password, such as $
or !
.
vi /usr/local/nagios/etc/opsview.conf # change passwords in this file
5. Set up the Opsview mysql database users with the necessary permissions
/usr/local/nagios/bin/db_mysql -u root -p{mysql root password}
6. Install the required databases
/usr/local/nagios/bin/db_opsview db_install /usr/local/nagios/bin/db_runtime db_install
7. Generate all the necessary configuration files:
/usr/local/nagios/bin/rc.opsview gen_config
8. You can now start up the web application server:
/etc/init.d/opsview-web start
The Opsview server is now listening on port 3000, i.e. http://opsview.example.com:3000/
/usr/local/nagios/etc/opsview.conf
, add the following and change the secret value to be a unique string:
$authtkt_shared_secret = "shared-secret-please-change";
Restart Opsview Web for this value to take effect: /etc/init.d/opsview-web restart
.
Using Apache as a proxy server
The performance of Opsview will be significantly improved by using Apache at the front end. All the following commands should be run as root
.
1. Edit the apache configuration files and enable proxy_html
cd /etc/httpd/conf vi httpd.conf Ensure the line "LoadModule proxy_http_module modules/mod_proxy_http.so" is uncommented
2. For Opsview versions since 20131125, create /etc/httpd/conf.d/opsview:
<VirtualHost *>
Include /usr/local/opsview-web/etc/apache_proxy.conf
</VirtualHost>
For previous versions, copy in the example Apache configuration file and edit to suite your needs:
cd /etc/httpd/conf.d cp /usr/local/nagios/installer/apache_proxy.conf opsview.conf vi opsview.conf
Then, edit the Apache configuration file so that the same shared secret is used:
TKTAuthSecret "shared-secret-please-change"
You may need to comment out the DocumentRoot variable in /etc/httpd/conf/httpd.conf.
3. Amend the apache web server user group membership to include nagcmd
group
usermod -G nagcmd apache
Check to ensure the apache
user is correct for your web software.
If you use a centralised user management system, you may need to amend /etc/group
manually. To test that the permissions are set correctly, run id apache
and look for the nagcmd
group.
4. Restart Apache
/etc/init.d/httpd restart
You can now access Opsview at http://your.server/
Logging in
Once Opsview has been installed, a single administrative user will have been created. The credentials for this user are:
username: admin password: initial
You should change this password to prevent unauthorised access to Opsview - this can be done from 'Administrator' link in the top right of the page.
See the quick start guide for an introduction to Opsview
Troubleshooting
Apache: 503 server temporarily unavailable
If you try to connect to: “http://your.server/” you may be greeted with a 503 server temporarily unavailable error. Go to the command line and enter:
setsebool -P httpd_can_network_connect=1
Try navigating to that address again.
Automatic dependencies
Yum should automatically work out all dependencies when installing Opsview, but in the event that installing the opsview
package does not also bring in opsview-base
, opsview-perl
, etc then follow these steps
- Ensure
yum-updatesd-helper
is not running yum remove opsview
yum clean all
yum makecache
Running yum deplist opsview
should now show the correct dependencies and allow opsview
to be installed correctly.