Category: Linux Application

Install Zabbix with MariaDB, PHP7 and HTTPD on Centos7

When it comes to monitoring, one of the famous web applications for monitoring is Zabbix. In this article, we will see the basic installation and configuration of a Zabbix machine on CentOS7. Zabbix is an open-source monitoring software tool for diverse IT components, including networks, servers, virtual machines (VMs) and cloud services. Zabbix provides monitoring metrics such as network utilization, CPU load and disk space consumption. It works on a client/server model.

Always check the official documentation for installation. The machine has been deployed on a VirtualBox machine with the following configuration:

  • 2048 MB RAM
  • 1 CPU
  • 10GB storage
  • hostname as zabbixserver zabbixserver.local
  • IP Address 192.168.0.30

1. After deploying your machine, always make sure it is up-to-date and begin by installing a web server. I chose Apache httpd which is pretty famous and can be installed pretty easily. Also, consider installing the EPEL repository. After installing Apache httpd, start the service and enable it so that it starts at boot.

yum install epel-release -y
yum install httpd -y
systemctl enable httpd
systemctl start httpd

2. We also need to install PHP. The latest PHP7 can be easily installed through a repository. Also consider the other PHP packages that connect to the database and provide the PHP CLI, mod_php for Apache, etc.

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install php72w mod_php72w php72w-common php72w-cli php72w-xml php72w-pear php72w-devel php72w-gd php72w-mysql php72w-mbstring php72w-bcmath 

3. Then, tweak the PHP configuration file (/etc/php.ini) as follows:

max_execution_time = 700
max_input_time = 700
memory_limit = 512M
post_max_size = 64M
upload_max_filesize = 16M
date.timezone = US/Eastern

Note that the configuration depends on your location as well as on the sizing of the machines.

4. Let’s now install MariaDB:

yum install mariadb-server -y
systemctl start mariadb
systemctl enable mariadb

5. Configure MariaDB by launching the following command and following the prompts:

mysql_secure_installation

6. To access the database you need to launch the command mysql -u root -p. However, you can also define the password in /etc/my.cnf.d/client.cnf: under the [client] header, enter the password as follows:

password = xxxxx

In this way, you can just launch the mysql command to log in directly to the database.

Also consider making the database listen only locally, as we are deploying the Zabbix server to interact with the database locally. For that, you need to modify the file /etc/my.cnf and under the [mysqld] header enter the following parameter:

bind-address=127.0.0.1

7. Now, it's time to create the database and assign the password and privileges. Connect to the MariaDB database and run:

create database zabbix_server;
grant all privileges on zabbix_server.* to 'zabbixuser'@'localhost' identified by 'zabbixpassword';
flush privileges;
quit

8. We will now install the Zabbix Server. I got the repository on the official Zabbix website.

rpm -Uvh https://repo.zabbix.com/zabbix/4.4/rhel/7/x86_64/zabbix-release-4.4-1.el7.noarch.rpm
yum install zabbix-get zabbix-server-mysql zabbix-web-mysql zabbix-agent -y

Note that we installed both the agent and the server on the Zabbix server.

9. We will now configure the Zabbix database by unpacking the tables and the schema in the database that has been created at step 7:

zcat /usr/share/doc/zabbix-server-mysql-4.4.0/create.sql.gz | mysql zabbix_server

If your Zabbix server version is different, find the correct directory.

10. Modify the Zabbix server configuration as follows at /etc/zabbix/zabbix_server.conf:

DBName=zabbix_server
DBUser=zabbixuser
DBPassword=zabbixpassword
DBHost=localhost

11. Restart and Enable the Zabbix Server:

systemctl start zabbix-server
systemctl enable zabbix-server

12. Modify the Zabbix client configuration as follows at /etc/zabbix/zabbix_agentd.conf:

Server=127.0.0.1
ServerActive=127.0.0.1
Hostname=zabbixserver

13. Restart and Enable the Zabbix Agent:

systemctl start zabbix-agent
systemctl enable zabbix-agent

14. Consider restarting all the services:

systemctl restart zabbix-agent
systemctl restart zabbix-server
systemctl restart mariadb
systemctl restart httpd

15. Add the following firewall rules:

firewall-cmd --add-service={http,https} --permanent
firewall-cmd --add-port={10050/tcp,10051/tcp} --permanent
firewall-cmd --reload

For more information about Firewalld, visit the article 35 commands to understand Firewalld in RHEL7 environment.

16. At this stage, if you try to access the following link, it should be accessible:

http://192.168.0.30/zabbix/setup.php

17. Follow the steps and login on your Zabbix machine with username admin and password zabbix.
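
Steps 6 and 10 above put database passwords into configuration files. The following is an added example, not part of the original article: a POSIX shell check that reports any such file that other local users can read. It assumes GNU stat and takes the file paths as arguments.

```shell
#!/bin/sh
# Added example, not from the original article.
# Flags config files that set a password and are readable by "other" users.

# has_secret FILE: succeeds if FILE sets a non-empty password key, e.g.
# "password = x" ([client] in client.cnf) or "DBPassword=x" (zabbix_server.conf).
# Commented-out lines are ignored.
has_secret() {
    grep -Eiq '^[[:space:]]*(password|DBPassword)[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# other_can_read FILE: succeeds if the read bit is set for "other".
other_can_read() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 004 )) -ne 0 ]
}

# audit_secret_file FILE: prints one finding.
# Returns 0 = ok, 1 = password exposed to other users, 2 = file missing.
audit_secret_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "SKIP $f: not found"
        return 2
    fi
    if ! has_secret "$f"; then
        echo "OK   $f: no password set"
        return 0
    fi
    if other_can_read "$f"; then
        echo "WARN $f: contains a password, mode $(stat -c '%a' "$f") lets any local user read it"
        return 1
    fi
    echo "OK   $f: contains a password, mode $(stat -c '%a' "$f")"
    return 0
}

# Audit every path given on the command line.
for path in "$@"; do
    audit_secret_file "$path" || true
done
```

Run it as: sh audit.sh /etc/my.cnf.d/client.cnf /etc/zabbix/zabbix_server.conf (audit.sh is a hypothetical file name).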


Setting up a basic mail server with Postfix, Dovecot and MariaDB

Setting up a mail server is very simple if you understand the basic concept. In this blog post, I’m going to focus on the installation of a basic mail server using Postfix (MTA), Dovecot (MDA), and MariaDB. I will explain it stepwise and cover the basics along the way. Also, consider having a VPS or any server with a public IP address ready for the mail server. For testing purposes, some people try to hide their dynamic public address using other tools over the internet. I guess you must be ready by now. I am using an RHEL6 machine for this installation. The concept remains the same in case you want to install on an RHEL7/8 or Ubuntu server machine. Let’s see the tools and prerequisites needed for the installation:

Photo credits: postfix.org
  • DNS record for your mail server.
  • Some Firewall rules to be allowed.
  • Postfix (MTA) – A Mail Transfer Agent that permits you to route and deliver electronic mail. Postfix is both an SMTP server and an SMTP agent.
  • Dovecot (MDA) – A Mail Delivery Agent that is primarily used as a mail storage server. It is a secure IMAP and POP3 server. It can also act as a mail proxy server.
  • MariaDB – A database server where you will store the users, domains, and aliases.

Now, in the real world, this is not enough, as we need other accessories to enhance security, robustness, and integrity: for example, Dovecot with MariaDB and SASL interconnection for the mail server. DKIM, DANE, SPF, and DMARC are other accessories that need to be used. I will go into detail about those terms in future articles. In this article, I will focus on a classic basic mail server.

Adding the DNS record

1. You will need to add an ‘A’ DNS record, followed by an ‘MX’ record. I blurred the IP Address here for security purposes.

Some Firewall rules here

2. You will also need to allow IMAP (143) and SMTP (25) on the machine:

iptables -I INPUT -p tcp -s 100.100.100.100 --dport 143 -j ACCEPT
iptables -I INPUT -p tcp -s 100.100.100.100 --dport 25 -j ACCEPT

3. SSH into your server and add an entry in your /etc/hosts file. Example:

100.100.100.100 mail.tunnelix.com

Postfix configuration and installation

4. Install the Postfix using the following command:

yum install postfix

5. Now, the parameters to modify in /etc/postfix/main.cf are as follows:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.tunnelix.com
mydomain = tunnelix.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no

6. Launch the following command:

postfix reload && /etc/init.d/postfix restart

7. A netstat -ntpl should show port 25 is listening on all IP Addresses.

8. A telnet mail.tunnelix.com 25 should show you the following:

Notice the ESMTP Postfix after doing the telnet which means that the Postfix server is up.

9. At this level, you should be able to send yourself an e-mail from your Gmail, which proves that your Postfix is working fine.

10. The mailbox is located in the Maildir directory under the user's home directory. Let’s say you have a user called ‘Tom’ and you have sent the mail to Tom's address, then you should get the mail in /home/tom/Maildir.

Dovecot installation and configuration

11. Perform the installation of the dovecot package and its dependencies:

yum install dovecot

12. Edit the /etc/dovecot/dovecot.conf file and set up the following parameter:

listen = *

13. Edit the /etc/dovecot/conf.d/10-auth.conf and set up the following parameter:

disable_plaintext_auth = no

auth_mechanisms = plain login

14. Edit the /etc/dovecot/conf.d/10-mail.conf and set up the following parameter:

mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u

mail_privileged_group = mail

15. Okay, at this stage, you should see that the dovecot service is running and telnet localhost on port 143 should show you ‘Dovecot Ready’.

Testing your mail system

16. You can test your outgoing mail as follows:

echo "This is a test" | sudo mail -s "This is a test" [email protected] -aFrom:[email protected]

17. For incoming mail, check the following directory:

/var/spool/mail/vhosts

Tips:

  • Some terms to grasp are important to understand the basics behind mail transmission/reception.
    1. MUA (Mail User Agent) – Software used for mail message retrieval, commonly known as an email client, such as mutt, Evolution, and Thunderbird.
    2. MTA (Mail Transfer Agent) – Software that transfers mail from one device to another using SMTP.
    3. MDA (Mail Delivery Agent) – Another software component that helps with the delivery of email.
Credits: ccm.net

Note: This type of mail configuration is for learning purposes only. Do not apply it to a production environment without considering the security implications. In future articles, I will explain an example of how to secure your mail using DANE, DMARC, SPF, and DKIM.
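
One of the security implications mentioned in the note above comes from step 13: with disable_plaintext_auth = no and no TLS requirement, IMAP passwords cross port 143 in cleartext. The following is an added example, not part of the original article: a POSIX shell check for that combination in a Dovecot configuration file. The defaults it assumes for absent keys are listed in its first comment.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed defaults when a key is
# absent: disable_plaintext_auth=yes, ssl=yes, auth_mechanisms=plain.

# dovecot_setting KEY FILE: print the last top-level value of KEY in FILE
# (comment lines and settings nested inside "{ ... }" blocks are ignored).
dovecot_setting() {
    awk -v key="$1" '
        /^[ \t]*#/    { next }
        /[{][ \t]*$/  { depth++; next }
        /^[ \t]*[}]/  { depth--; next }
        depth == 0 && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            sub(/#.*/, "", v)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# check_dovecot_auth FILE: return 1 if a mechanism that sends the password
# itself (plain, login) may be used on a connection without TLS, else 0.
check_dovecot_auth() {
    plain=$(dovecot_setting disable_plaintext_auth "$1")
    ssl=$(dovecot_setting ssl "$1")
    mechs=$(dovecot_setting auth_mechanisms "$1")
    plain=${plain:-yes}; ssl=${ssl:-yes}; mechs=${mechs:-plain}

    case " $mechs " in
        *" plain "*|*" login "*) ;;
        *) echo "OK: no cleartext mechanism enabled ($mechs)"; return 0 ;;
    esac
    if [ "$ssl" = "required" ]; then
        echo "OK: ssl = required, authentication happens only after TLS"
        return 0
    fi
    if [ "$plain" = "no" ]; then
        echo "EXPOSED: '$mechs' allowed without TLS (disable_plaintext_auth = no, ssl = $ssl)"
        return 1
    fi
    echo "OK: cleartext mechanisms are refused until TLS is active"
    return 0
}

# Audit the file named on the command line, e.g. saved output of: doveconf -n
if [ $# -gt 0 ]; then
    check_dovecot_auth "$1" || true
fi
```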


Deploy AWS EC2 instances using Ansible

We have seen in the past how to use Terraform to deploy an AWS EC2 instance. But this is also possible using Ansible. In this blog post, we will focus on the deployment of an AWS EC2 instance using Ansible. I assume that you have already installed Ansible on your machine and know the basics of Ansible playbook creation. Here are some links on tunnelix.com on Ansible. Please consider visiting them if you have any doubt.

Setup the AWS IAM Account

1. Start by creating an AWS user account through the AWS IAM. Go to IAM, then click on USER, then click on ADD USER:

2. Once you have clicked on ADD USER, enter a name, tick PROGRAMMATIC ACCESS, and click on NEXT: PERMISSIONS.

3. On the following page, create a group. I have created one called ‘Ansible’ then attached the user to the group. After that, click on ‘ATTACH EXISTING POLICIES DIRECTLY’, then search for AMAZONEC2FULLACCESS, tick it and click on NEXT: TAGS.

4. Click on Next, add the tags and click on ‘CREATE USER’.

5. Consider downloading the credential.csv file by clicking on Download .csv

6. Consider also creating a key pair

Some installations and configurations on the Ansible controller

7. Now, on your Linux controller, we will need some Python modules to interact with AWS. Assuming you have already installed Ansible, consider installing python-pip:

yum install python-pip

8. Let’s now install the AWS CLI:

yum install awscli

9. Sync the clock of the VM to prevent any error

hwclock -s

10. Configure your AWS CLI

aws configure

It will prompt you to enter the AWS Access Key ID, secret key, etc. Just enter the information. Example:

# aws configure

AWS Access Key ID [****************GYGY]: AKIA5xxxxxxxxxx
AWS Secret Access Key [****************458q]: EvEd55xxxxxxxxxx
Default region name [us-east-1]:
Default output format [json]: 

11. Create the following file: /home/.boto

[Credentials]
aws_access_key_id = AKIAxxxxxxxxxxxxx
aws_secret_access_key = xc3xxxxxxxxxxx

12. The following command should test your AWS credentials

aws sts get-caller-identity

13. Install the boto Python module. The boto Python module will talk with the AWS CLI to authenticate on AWS.

pip install boto 

Creating the Playbook and Deploying the AWS EC2 Instance

14. Now, let’s create a playbook as follows in /home/AWSTask.yml

- name: EC2 Instance creation
  hosts: localhost
  connection: local
  tasks:
  - name: Launching the EC2 instance
    ec2: 
      instance_type: t2.nano
      key_name: ansible
      image: ami-0b69ea66ff7391e80
      region: us-east-1
      group: default
      count: 1
      vpc_subnet_id: subnet-ef9179a4
      wait: yes
      assign_public_ip: yes

You can also access it on my Ansible Github repository.

15. Simply launch the Playbook

ansible-playbook AWSTask.yml

16. As you can see below, the EC2 instance has been created.


Puppet already installed ? What Next ? – Part 1

A few days back, we have seen the installation of the Puppet server and Puppet Agent on the RHEL7 environment. In this article, we will focus on the technical part to administer and write manifests in the Puppet server to instruct the Agent. If you landed directly in this article, consider viewing the 10 steps to install the Puppet configuration management tool before continuing further in this article. Otherwise, I invite you all to continue on in this discovery of what Puppet is capable of.

All manifests will be available on the My-Puppet-Manifests Github repository.

The first keyword that someone should be familiar with is “resource”. In Puppet everything is a resource. The second keyword is “manifest”. To instruct the Puppet server, we have to write a file with the extension ‘.pp’ and it is called a manifest.

1. To check what are the resources in Puppet, you can use the following command:

puppet resource --types

2. You will notice a lot of resources. Let’s say you want to get more details about the resource called ‘file’, use the following command

puppet describe file

3. Let’s do something locally. Let’s create a file in /tmp called test.txt. Create a manifest called file.pp as follows:

file { '/tmp/test.txt':
  ensure  => file,
  content => "My first puppet file",
}

This is very simple to grasp. ‘file’ here is the resource type, ‘/tmp/test.txt’ is the title, and ensure and content are the ‘attributes’. What follows each => is the ‘value’.

4. To apply it with puppet locally use the following command:

puppet apply file.pp

You would notice that the file has already been created in the /tmp directory with the content as well.

5. If you want to remove the file use puppet apply file.pp but instead of ensure => file use ensure => absent.

file { '/tmp/test.txt':
  ensure  => absent,
  content => "My first puppet file",
}

6. In the same manner, if you want to create a directory instead, use ensure => directory.

7. You can also check if you have any syntax error in your Manifest by using the following command:

puppet parser validate file_absent.pp

8. You can also create a user in the same manifest as the file. For example:

file { '/tmp/test.txt':
  ensure  => file,
  content => "My first puppet file",
}

user { 'tom':
  ensure => present,
}

9. The idea is to look at the documentation and understand the parameters of a given resource type. For example, for the resource type ‘user’, run the command ‘puppet describe user’ and you will notice that you can also create the home directory and specify the shell.

user { 'harry':
  ensure  => present,
  comment => "Harry Bell",
  shell   => '/sbin/nologin',
  home    => "/home/harry",
}

10. Another interesting resource is ‘service’:

service { 'sshd.service':
  ensure => 'running',
  enable => 'true',
}

At this stage, it should be very clear how to create a Puppet manifest and execute it locally. I created a Github repository to store all the Puppet manifests. In the next blog post on Puppet, I will share more details. If you like it do comment below 🙂


10 steps to install Puppet configuration management tool

Some days ago a guy asked me why I do not blog anything on Puppet configuration management tool and prefer Ansible over Puppet. True it is that I prefer Ansible because it is agentless and very easy to use. However, we agreed that there are certain situations that Puppet wins over Ansible. I decided to blog about this configuration management tool so as to enhance my knowledge and that of my readers. Puppet provides several services such as Windows automation, cloud management, configuration management, etc. However, in this blog post, we will talk about puppet as a configuration management tool. Puppet provides the ability to define which software and configuration a system requires and then maintain a specified state after the initial setup. The nodes that Puppet control must have the Puppet agent installed. In this blog post, we will focus on the installation of the Puppet Server and the Agent as well.

1. For that, I created two VMs (puppet-server and puppet-client) on my VirtualBox lab. I have also mentioned each hostname and IP address in the /etc/hosts file of each server.

2. You can get the repository on yum.puppetlabs.com. I installed it with the following command on both servers:

rpm -Uvh https://yum.puppetlabs.com/puppet-release-el-7.noarch.rpm

3. On the puppet-server, install the puppet-server package.

yum install puppetserver

4. Since I am on a virtual machine with very low memory assigned, I tweaked the memory Xms and Xmx values (heap size). Xms is the initial minimum heap size when the service starts, whilst Xmx is the maximum heap size. On the puppet-server, I edited the file /etc/sysconfig/puppetserver and changed the heap value to this:

JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

5. Add the puppet binary to your environment. I edited the bash_profile file for that.

PATH=$PATH:$HOME/bin:/opt/puppetlabs/bin

Also launched the following command:

source ~/.bash_profile

6. Also, install the puppet-agent on the puppetclient machine.

yum install puppet-agent -y

7. On the puppetserver, you can start the service with the following command:

systemctl start puppetserver

8. And, on the puppetclient you can start the service as follows:

systemctl start puppet

9. Now that we have seen how to install the Puppet server and the agent, let’s see the other directories related to Puppet.

  • /etc/puppetlabs/puppet – contains several configuration files
  • /etc/puppetlabs/puppet/ssl – contains the certificates
  • /etc/sysconfig/puppetserver – file that contains the Java configuration such as heap size, start timeout, etc.
  • /etc/puppetlabs/code/environments/production – default production environment available to write the code.

10. In Puppet, whatever instruction you give the Puppet agent is called a ‘resource’. This is the foundation for writing manifests, where the instructions for Puppet are given. To know the resources available you need to launch the following command:

puppet resource --types

11. To understand the syntax of the resource, for example, the resource ‘file’, use the following command:

puppet describe file

In the next article, I will describe how to use the Puppet configuration management tool to administer or to instruct the puppet agent to perform specific tasks. Remember, Puppet file extension ends with ‘.pp’ and I will focus a lot more on that. At the same time, this is a good way to refresh my memory when using Puppet. I hope you liked this article when it comes to the basic installation and configuration when using Puppet.