Table of Contents |
---|
Installation Prerequisites
...
- Copy the opHA tarball to the slave or master NMIS server (a tarball is a GZIP'd tar file, e.g. opHA-1.1.tar.gz)
- You may need to use SCP or FTP to get the file onto the server.
- The file will now likely be in the users home directory.
- If the installation directory does not already exist
- Change into the directory where the tarball was copied
- Untar the fileopHA will be installed into /usr/local/omk
Code Block | ||
---|---|---|
| ||
unalias cp cd ~/usr/local tar xvf ~/opHA-<version>.tar.gz cd opHA/ cp cgi-bin/connect.pl /usr/local/nmis8/cgi-bin/ cp lib/NMIS/Connect.pm /usr/local/nmis8/lib/NMIS # NB! If you get a message about timestamps in the future be sure to fix the clock on the server cd omk/ cp install/nmis/Access.nmis.opha /usr/local/nmis8/install cp install/nmis/Tables.nmis.opha /usr/local/nmis8/install cp install/nmis/Table-Nodes.nmis.opha /usr/local/nmis8/conf/Table-Nodes.nmis cp install/nmis/BusinessServices.nmis /usr/local/nmis8/conf cp install/nmis/Servers.nmis /usr/local/nmis8/conf cp install/nmis/Customers.nmis /usr/local/nmis8/conf cp install/nmis/ServiceStatus.nmis /usr/local/nmis8/conf cp install/nmis/Tenants.nmis /usr/local/nmis8/conf cp install/nmis/Table-* /usr/local/nmis8/conf # Merge your current Access configuration with the opHA access configuration /usr/local/nmis8/admin/updateconfig.pl /usr/local/nmis8/install/Access.nmis.opha /usr/local/nmis8/conf/Access.nmis /usr/local/nmis8/admin/updateconfig.pl /usr/local/nmis8/install/Tables.nmis.opha /usr/local/nmis8/conf/Tables.nmis /usr/local/nmis8/admin/fixperms.pl |
...
cp install/omkd.init.d /etc/init.d/omkd
cp install/opCommon.nmis conf/
cp install/users.dat conf/
chown -R nmis:nmis /usr/local/omk
chkconfig --add omkd
service omkd start |
Verify that the daemon is running:
Code Block |
---|
root@nmis64 script]# service omkd start
Starting omk daemon:
[root@nmis64 script]# ps aux | grep opmantek
root 14949 1.1 3.0 213880 63504 pts/0 S 07:43 0:00 ./opmantek.pl daemon
root 14952 0.0 0.0 103224 864 pts/0 S+ 07:43 0:00 grep opmantek
[root@nmis64 script]# |
If you do not see the daemon running, try this and look for the reason it is not working (skip this if everything above is fine)
Code Block |
---|
cd script
./opmantek.pl daemon
# if that does not give you any errors and runs, CTRL+C and then run
./opmantek.sh
# now grep for the opmantek process again, also check the log files in /usr/local/omk/log |
opHA Authentication Model
opHA has a simple yet strong authentication model, to prevent unwanted access to NMIS data.
The slave The opHA daemon is configured with:
- An NMIS opHA user and password, by default this is an Apache htpasswd file, defined in /usr/local/nmis8omk/conf/users.dat
- An NMIS user, with associated privileges, defined in /usr/local/nmis8/conf/Users.nmis
- An NMIS user The opHA user to use for the authentication policy enforcement, defined per Server in /usr/local/nmis8/conf/ConfigServers.nmis
- Server Community, which the server must use to request data.
The master is configured with (for each slave):
- An NMIS user and password, which needs to match the slave configuration
- A slave/server community, which needs to match the slave configuration.(on the master if they are pulling, for the slaves if they are pushing)
- An IP address list that defines who is allowed to connect to the daemon (depending on the operation a combination of ip address and login credentials is required)
This model enables you to use separate credentials for each slave or the same credentials for each slave, providing for simple configuration, and more secure configuration if required.All communications between master and slave can be done over SSL if required, this is supported by configuring your server HTTPD to support SSL and then configuring the master, slave communications to use HTTPS.
opHA Slave Configuration
This configuration will be done on each NMIS Slave Server. By default, the shared community for a slave is "secret" if you want to change this to something specific you can edit the NMIS Configuration item "slave_community" using your favourite text editor, edit this line and change secret to your desired opHA community string.
...