In the last article, we have seen how to install Dell EMC Networker on CentOS7. There have been some issues with dependencies. In this article, I will install the Networker Management Console on the same server. Prior before installing, we will see the services running when the networker services have been started. Then, I will compare if after installation of the NMC.
Before proceeding to installation, the packages that I will install is :
lgtonmc (Networker Management Console) – Gives you the ability to access the Management Interface or Management console to manage backups.
1. The services running before the installation is as indicated in the screenshot below:
2. In the previous article, I downloaded all the packages. From the directory, I have installed the NMC using the RPM command followed with the execution of the script /opt/lgtonmc/bin/nmc_config. You will be prompted to answer a few questions for the installation. I selected the default answer except to the creation of user for the PostgreSQL database.
3. Now, we can see a bunch of new services is running such as more Java processes and PostgreSQL.
4. Since we installed the NMC on the VM, we should be able to access the console on the same network on the port 9000. My VM is actually configured with the IPAddress 192.168.100.19 and by accessing it on port 9000 will now show me the console.
5. As you can notice on the screenshot above I don’t have Java Runtime enabled on the Mac. So I had to install and enable it. Follow the instructions for the installation by clicking on “Browser, OS, & JRE Requirements”.
6. Once installed and activated, you should be able to access the console by clicking on “Click here to start Management Console”. The prompt to enter username/password should then appear.
The default username is Administrator and password is the one you have set when installing Networker.
7. Follow the instructions to set up the database backup server, authentication server etc.. and at the end, you should be able to reach the console.
Its been since some days, I attended a training on EMC Dell Networker 9 in Mauritius itself. Though not everything can be covered in the training such as the installation of the networker on Linux machines, I decided to install it myself on my lab.
photo credits: dell.com
For those who are not familiar with Networker 9 formerly called Legato NetWorker is an “enterprise-level data protection software product that unifies and automates backup to tape, disk-based, and flash-based storage media across physical and virtual environments for granular and disaster recovery.”. To install it, I created a Centos 7 minimal installation lab on virtual box, made an update and install some few packages such as vim, tcpdump, net-tools, traceroute, epel-repo, locate, atop, htop and wget. These are basic packages for my own use on the VM. It has nothing to do with the Networker installation.
To be able to download the necessary packages, it’s a prerequisite to register on the EMC Dell website first. Once authenticated, you can move on to the download section of the packages. Dell will provide you in a tar.gz all packages for Debian and RHEL as well. Even Avamar packages will be found there. So, you will need to install only the necessary packages. Follow the instructions below after registration on the Dell website and download of the packages and the links highlighted. Once the file has been downloaded and decompressed, you will notice several RPMs and DEBs inside. The one which will be needed for the networker installation are as follows:
lgtoclnt (Networker client) – Provides you the ability to perform file system backup and recovery options.
lgtoxtdclnt (Networker Extended client) – Provides additional feature support for NetWorker clients, such as snapshot backup support, command line utility support including server reporting and administration, cloning and staging support, and so on.
lgtonode (Networker Storage Node) – Provides features for the storage node which will control storage devices such as tape drives, disk devices, autochangers, and silos.
lgtoserv (Networker Server) – Provides you the web server of the Networker portal.
lgtoauthc (Networker Authentication Service) – Authentication layer used for the backup purpose.
lgtoman (Networker Manual) – Its important for the manual. However, it’s not a prerequisite.
Whilst installing these packages, you will notice dependencies problems. See the “Tips” section below for more information. I had to install the Glibc 32-bit package as some of the networker packages might depend on them.
Here is an idea what error message { libc.so.6 is needed by lgtoclnt-9.1.1.7-1.x86_64 } you may have while performing the installation.
This can be confirmed by a yum whatprovides libc.so.6 which is found inside glibc.i686 package
1. At this point, to continue on with the installation I made the following steps:
2. If you are installing the package one by one, you will need to install lgtoauth first before installing lgtoserv. After installation of lgtoauth, it will prompt you to launch the following script:
/opt/nsr/authc-server/scripts/authc_configure.sh
3. It will prompt you where to specify where you have installed the Java Runtime. At the time, I’m writing this article, I’m using Java Runtime 8 from the oracle.com website. Use the following syntax to download it from wget.
4. Once, downloaded and installed, java -version should provide you the runtime environment.
5. Now, you can launch the script /opt/nsr/authc-server/scripts/authc_configure.sh anew and it will prompt you to enter the key store and administrator passwords.
6. Once the installation is complete, you can now run the /etc/init.d/networker daemon and check the process running.
Tips:
The problem is that the GLIBC2.0 symbol is not provided by the x86-64 Libc on CentOS, but it is provided by the 32-bit i686 package. There is no real dependency of the EMC NetWorker 9.1 package on the 32-bit library, but this is probably a false dependency RPM problem. So it is necessary to download the following 32-bit packages from the CentOS website and install them.
If you have installed the JAVA elsewhere, you will need to specify the path launch executing the script /opt/nsr/authc-server/scripts/authc_configure.sh
The installation logs are found at /opt/nsr/authc-server/logs/install.log.
For testing purpose, I deactivated firewalld and disable SELinux.
Project Tabulogs: It will give you the ability to display logs on an HTML tabular format page using Ansible Playbook. Some days back, I shed some ideas, how to use Ansible to create an agentless server inventory with an interesting HTML format. In this post, we will see how to present information on an HTML tabular format logging information from lastlog. You can apply the same principle for any logs and present it to an HTML template. One of the advantage with Ansible is that you can also launch shell commands which allows you to automate several tasks whether remote or local. Many times, I came across non-technical personnel who want to see logins and logouts of staffs on specific servers. The goal of this project is to present accurate and reliable information to non-technical persons in an IT organization. It’s also a way to perused logins and logouts of users more easily.
All right reserved: tunnelix.com
Limitations and Solutions
However, there is some limitation of presenting bulk information such as logs on an HTML page. Imagine having hundreds of servers which could amount more than 20,000 lines. This would make the page impossible to load and may crash on the browser. To remediate this situation, a database such as SQLite could be interesting. Otherwise, AJAX can be used to fetch page by page. Since I’m keeping all information in JSON format in a JavaScript page, I decided to make use of Pagination. A search button will also come handy for all columns and rows.
Now, the thing is how to report that information which keeps on changing? let’s say every month you want to have a report of users connected on your organization’s servers in JSON format that’s too in a JavaScript page. Here is where Ansible comes useful. I created a Playbook to build the JSON array itself and the JavaScript page using the Shell module based on Linux Awk commands. Of course, there are other tasks Ansible will perform such as fetching of the information remotely, updating the HTML page: Example the date the report was created. The directory can then be compressed and send easily to anyone. So, no database needed!!. Cool isn’t it? However, if you want to adopt this system for really huge logs of information, it might work but could be really slow, hence, the need of a database.
I created a simple HTML page which will call the AngularJS to keep the information in a JSON array. The HTML page will be static. However, for your own use, if you want to add some more columns, feel free to edit the section below. It is located at TabuLogs/master/perimeter1/index.html
Since I have used the lastlog from Linux, I called the page “Linux Login Management”. Otherwise, you can also filter any logs such as Apache or secure log. Some modifications will have to be carried out with the awk command or using Ansible Jinja filters.
You can also point a logo on the HTML page and kept in the images folder
The most interesting thing is about the data which is stored in a JSON array. In that particular example, we have information about the hostname, username, login, the time taken, IP Address, Application, and the Perimeter.
The JSON array will be fetched by AngularJS to render the HTML table.
As mentioned previously, if you had tried to load all the JS page into your browser, same would crash, hence, to overcome this situation, pagination comes handy.
Messing around with Linux AWK command and the Ansible Playbook
The Linux AWK command is pretty powerful to concatenate all logs together. The more interesting is the conversion of the logs into JSON format. The playbook is located at TabuLogs/AnsiblePlaybook/AuditLoginLinux.yml
When the Playbook is launched we can see the first AWK will create a file with the hostname of the machine in /tmp and inside that file, the data is comprised of the Hostname, Username, Login, Time-Taken, and IP Address. To get back the logs from the previous month, I used Date=`date +%b -d ‘last month’`
Assuming you have rotated logs for /var/log/wtmp either weekly or monthly or any range, the loop is supposed to find logs for only last month. Now, in case you have kept wtmp logs for years, another method needs to be used to fetch log for the actual year.
Date=`date +%b -d 'last month'`; t=`hostname -s` ; for i in `ls /var/log/wtmp*` ; do last -f $i ; done | grep $Date | awk -v t="$t" '{print t, $1, $4 "-" $5 "-" $6 "-" $7, $9$10, $3 }' | egrep -v 'wtmp|reboot' > /tmp/$t
Once the logs have been created on the remote hosts, it is fetched by ansible and kept on the local server. Consequently, the remote files are destroyed.
We also need to merge all the data into one single file and also removing all blank lines, which is done using the following command:
awk 'NF' /Tabulogs/AnsibleWorkDesk/Servers/* | sed '/^\s*$/d' > /Tabulogs/AnsibleWorkDesk/AllInOne
Assuming that the file located at /Tabulogs/AnsibleWorkDesk/rhel7_application_perimeter contain information about the server, application, and perimeter, the following awk command will append the information to the table created remotely on the hosts.
awk 'FNR == NR {a[$3] = $1 " " $2; next} { if ($1 in a) { NF++; $NF = a[$1] }; print}' /Tabulogs/AnsibleWorkDesk/rhel7_application_perimeter /Tabulogs/AnsibleWorkDesk/AllInOne > /Tabulogs/AnsibleWorkDesk/AllInOneWithPerimeterAndApplication
Example of the format of the table is:
Nginx dev server2Apache prod server1Nginx dev server4
After adding all the data together on a simple table, the following AWK will convert each row into JSON format
After writing at the end of the file, the table.js is now completed.
Everything is assembled using the Ansible playbook. The Playbook has been tested for RedHat 7 servers. I believe it can also be adapted for other environments.
Final result
Here is an idea how will be the final result
Some pieces of information are blurred for security reasons
Future Enhancements
I’m so excited to share this article though I know there are much more improvements that can be done such as:
The awk command can be combined.
Removal of backticks on the shell commands.
shell command like rm -rf will be removed as well using the file module.
Some deprecated HTML tags were used.
Code sanitization.
My future goal is to improve the Ansible Playbook and the source code itself. Maybe someone else has a much better way of doing it. I would be glad to hear more. Please do comment below for more ideas. In case, you believed that some improvements can be done on the Playbook, feel free to send some commits on my GitHub repository or comment below.
As usual, a plan is needed. Consider reading the “tips” section below which might give you some hints.
TIPS:
There is, however, some other limitations with last command. Some arguments will not be present if you are using old utils-linux packages. Consider updating the package to be able to filter the last command easily.
If you can group your servers by some category or environment, it would be helpful.
There will be other versions of the project Tabulogs to create better and fast Ansible playbook. Lets called this one version 1.0
Building from scratch an agentless inventory system for Linux servers is a very time-consuming task. To have precise information about your server’s inventory, Ansible comes to be very handy, especially if you are restricted to install an agent on the servers. However, there are some pieces of information that the Ansible’s inventory mechanism cannot retrieve from the default inventory. In this case, a Playbook needs to be created to retrieve those pieces of information. Examples are VMware tool and other application versions which you might want to include in your inventory system. Since Ansible makes it easy to create JSON files, this can be easily manipulated for other interesting tasks, say an HTML static page. I would recommend Ansible-CMDB which is very handy for such conversion. The Ansible-CMDB allows you to create a pure HTML file based on the JSON file that was generated by Ansible. Ansible-CMDB is another amazing tool created by Ferry Boender.
Photo credits: Ansible.com
Let’s have a look how the agentless servers inventory with Ansible and Ansible-CMDB works. It’s important to understand the prerequisites needed before installing Ansible. There are other articles which I published on Ansible:
1. In this article, you will get an overview of what Ansible inventory is capable of. Start by gathering the information that you will need for your inventory system. The goal is to make a plan first.
2. As explained in the article Getting started with Ansible deployment, you have to define a group and record the name of your servers(which can be resolved through the host file or DNS server) or IP’s. Let’s assume that the name of the group is “test“.
3. Launch the following command to see a JSON output which will describe the inventory of the machine. As you may notice that Ansible had fetched all the data.
Ansible -m setup test
4. You can also append the output to a specific directory for future use with Ansible-cmdb. I would advise creating a specific directory (I created /home/Ansible-Workdesk) to prevent confusion where the file is appended.
Ansible-m setup --tree out/ test
5. At this point, you will have several files created in a tree format, i.e; specific file with the name of the server containing JSON information about the servers inventory.
Getting Hands-on with Ansible-cmdb
6. Now, you will have to install Ansible-cmdb which is pretty fast and easy. Do make sure that you follow all the requirements before installation:
git clone https://github.com/fboender/ansible-cmdbcd ansible-cmdb && make install
7. To convert the JSON files into HTML, use the following command:
ansible-cmdb -t html_fancy_split out/
8. You should notice a directory called “cmdb” which contain some HTML files. Open the index.html and view your server inventory system.
Tweaking the default template
9. As mentioned previously, there is some information which is not available by default on the index.html template. You can tweak the /usr/local/lib/ansible-cmdb/ansiblecmdb/data/tpl/html_fancy_defs.html page and add more content, for example, ‘uptime‘ of the servers. To make the “Uptime” column visible, add the following line in the “Column definitions” section:
Whatever comes after the dot just after ansible_fact.<xxx> is the parent value in the JSON file. Repeat step 7. Here is how the end result looks like.
Photo credits: Ferry Boender
Getting beyond Ansible-cmdb
Now, imagine that you want to include a specific application version (Example VMware tool version ) in the HTML inventory file. As I mentioned in part 4, I created the directory /home/Ansible-Workdesk. This where the “out” and “cmdb” directories have been created.
10. Create another directory called /home/Ansible-Workdesk/other_info/vmwaretool. I use this directory to deposit another JSON file for the VMware tool version after launching a playbook. Here is an extract from my InventoryUsingAnsibleCMDB.yml Playbook.
11. Once the playbook has been executed, you will have identical files name in /home/Ansible-Workdesk/out and /home/Ansible-Workdesk/out/other_info/vmwaretool.
12. However, the content will be different. The one in the “out” directory will contain JSON files about the default Ansible inventory, whilst, the one in the “vmwaretool” directory will contain a JSON file about the VMware tool version having its parent as “vmwareversion“. I change the parent from “stdout_lines” to “vmwareversion” using the set_fact module in Ansible.
13. By now, you are ready to tweak the html_fancy_defs.html again as described in part 9. Both the Column definitions and Column functions need to be appended. Here is the line to be added in the Column definitions section:
In case, you are able to create an Ansible Playbook to create valid JSON files by merging those in the vmwaretool directory to that of the out directory, please comment below. I would like to hear more about it.
With regards to part 3, if direct root access has been disabled on the destination servers, you can use -u <username> which will permit you to connect on the server.
The ansible-cmdb command also allows you to generate CSV file.
Part 10 lays emphasis on a separate JSON file. If you have been able to merge both outputs on the same JSON file that has been created by ansible default inventory please comment below.
The group in the ansible host file can also be added to the server inventory html file. Please see the ansible-cmdb doc for more information.
It is almost two years since I published these articles. I noticed that the concept of Ansible remains the same. Now we have other tools such as Ansible-Galaxy and Ansible-Tower to ease much more of the tasks using this agentless tools. On top of that there is also the possibility to perform agentless monitoring using Ansible. In future articles, I will get into some more details about this such as using Ansible to perform monitoring on servers. The concept remain the same, however, it is important to make sure that the modules used is in conformity of the version of the Ansible. Otherwise, you might end up with deprecated module. The Ansible Playbook’s output will give you an indication on which servers it has failed or succeeded, You will also have access to the <PlaybookName>.retry file which will show you all failed servers.
When using Ansible, always make sure that you are on the official documentation. Each version of Ansible is well documented on the official website
These days I have written some few playbooks. Let’s see some interesting stuff what ansible can do.
Ansible can edit files using the bullet proof approach. Instead of copying files from one destination to the other, we can edit it directly. Here is an extract of one such type of action:
Another interesting way of using the Ansible shell module where you can fire shell command remotely from the Ansible playbook. For example: removing specific users from a specific group using the shell module:
You can also delete specific user along with its home directory:
Do check out my Github Repository to have access to my Ansible Playbooks.
