SLUUG Wiki

We're starting with a running Debian 6.0.3 box fully configured. This particular box is running shorewall in a Three-Interface Firewall configuration. SSH is running on all "networks", and DHCP is running on the local network. A un-configured Nagios Core is running on this machine as well with web server.

What is OneCMDB?

OneCMDB is a Configuration Management Database (CMDB) tool, that includes Nagios configuration, and NMAP discovery tools to populate the Database. If you are curious about the mechanics of OneCMDB check out their site.

http://www.OneCMDB.org

What is a CMDB?

Well real simple, CMDB keeps track of all items that are in an IT infrastructure. This includes things like the Servers, PCs, Applications, People, Organizations, Locations and their relationships. OneCMDB is designed to be an ITIL compliant CMDB. Technical - OneCMDB is a self contained Tomcat, DBMS, Java Application.

• To begin we will need to download OneCDMB. You might verify that this is the up to date version.

$wget http://sourceforge.net/projects/onecmdb/files/onecmdb%20%28latest%20version%29/2.1.0/onecmdb-2.1.0-linux.i386.tar.gz

• Extract the the files

$tar -xzf onecmdb-2.1.0-linux.i386.tar.gz

• Move folder to /srv/

$sudo mv ./onecmdb /srv

• Create system user to run OneCMDB as

$sudo useradd -r -d /srv/onecmdb -s /bin/false onecmdb

• Chown the onecmdb dir

$sudo chown -R onecmdb:onecmdb /srv/onecmdb

• Before starting OneCMDB, we are going to change the hard coded admin account and password from its default and remove an un-need hard coded user. To do this you will need to edit the boot-up configuration xml file.

$sudo vim ./onecmdb/tomcat/webapps/ROOT/WEB-INF/classes/onecmdb.xml

• There are two lines we need to adjust. You can use "/admin" to have vim search and find the line.

 <!-- Configuarting inition beans -->
        <bean id="initSession" class="org.onecmdb.core.internal.session.Session">
                <constructor-arg value="admin" />
                <constructor-arg value="123" />
                <constructor-arg ref="onecmdb" />

        </bean>



        <bean id="initScope" class="org.onecmdb.core.utils.xml.BeanScope">
                <property name="beanProvider">
                        <ref bean="defaultProvider" />
                </property>
                <property name="validation" value="false"/>
        </bean>

Change the value for "constructor-arg value" to be = to the user name and password of your choice. Example:

        <bean id="initSession" class="org.onecmdb.core.internal.session.Session">
                <constructor-arg value="fyiGuyAdmin" />
                <constructor-arg value="fyiGuysPassword" />
                <constructor-arg ref="onecmdb" />

• The next place change (be sure the data matches)

 <!-- In Memory                                                           -->
        <!-- =================================================================== -->

        <bean id="memoryAuthenticationDao" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
            <property name="userMap" >
                    <value>
               kalle=123,ROLE_USER
               admin=123,ROLE_USER,ROLE_ADMIN
            </value>
                </property>
        </bean>

Change admin to your user name defined prior, and the 123 to the password you defined prior. You can completely delete the kalle line. Example (Based on previous example):

 <!-- In Memory                                                           -->
        <!-- =================================================================== -->

        <bean id="memoryAuthenticationDao" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
            <property name="userMap" >
                    <value>
               fyiguyAdmin=fyiGuysPassword,ROLE_USER,ROLE_ADMIN
            </value>
                </property>
        </bean>

• Start service as onecmdb user

$sudo sudo -u onecmdb /srv/onecmdb/bin/onecmdb.sh start

_{OneCMDB can be stopped by using the same script with the stop argument (onecmdb.sh stop)}

As a final step, we will modify shorewall to allow for 8080 connections.

• Modify macro.HTTP to include port 8080

$sudo vim /usr/share/shorewall/macro.HTTP

Modify macro.HTTP to look like below -

#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
#                               PORT(S) PORT(S) LIMIT   GROUP
PARAM   -       -       tcp     80
#Custom modified for port 8080
PARAM   -       -       tcp     8080

• Refresh shorewall to process new rules

$sudo shorewall refresh

You should now be able to see and log on to OneCMDB at http://domain:8080.

OneCMDB is now functional and no further modification need be done. However, the following configurations are helpful.

I haven't determined the best way of doing this yet. It comes to mind to use the daemon function in the rc.local file. I'm not experienced enough to say this is a sound or feasible solution.

Feel free to send your solutions to Noah.

Why?/What?

Currently OneCMDB is running on the default tomcat port (8080), but you may want to have apache(httpd) handle all web requests and block port 8080. Or even better; you may be attempting to access OneCMDB behind a firewalled network that doesn't allow any traffic to be passed in/out on port 8080. Mod_Jk, creates a way for apache to forward specified requests to tomcat. It also appears with some advanced configuration, this can be a large performance boost. We will not cover this application.

_{Disclaimer: I'm not very experienced with this configuration, or Java applications such as this. So I'm still working on a bit more robust solution. If you have any advice please feel free to update me.}

We will be using the same box we just installed OneCMDB on, and assuming you installed OneCMDB to the /srv directory.

• Install Mod_Jk

$sudo aptitude install libapache2-mod-jk

• We will need to create the worker.properties in the apache homedir

$sudo vim /etc/apache2/worker.properties

_{The worker.properties file defines the workers which are like listeners for apache. The worker will translate requests from apache to tomcat for us.}

Here is an example. You can copy the examples, just be sure to be consistent in using the examples.

#Workers.properties file for OneCMDB

#Env variables
workers.tomcat_home=/srv/onecmdb/tomcat
workers.java_home=/srv/onecmdb/jre


#workers list

worker.list=onecmdb

#workers definition
#       Default AJP13 port is 8009
worker.onecmdb.port=8009

# host should be the IP or host name of the backend tomcat instance
worker.onecmdb.host=lancen.mdns.org

# Worker type AJP13, AJP14 or lb
worker.onecmdb.type=ajp13

• Next we need to add a listener to the tomcat config - /srv/onecmdb/tomcat/conf/server.xml

$sudo vim /srv/onecmdb/tomcat/conf/server.xml

We will add the listener at the very bottom, just after the closing host tag. Edit your server.xml to have the following <Listener…./> tag.

  </Host>
      <Listener className="org.apache.jk.config.ApacheConfig" modJk="/usr/lib/apache2/modules/mod_jk.so"
                workersConfig="/etc/apache2/workers.properties"/>

    </Engine>

  </Service>

</Server>

• At this point we are ready to stop apache and tomcat.

It is important that you note, from now on you most always stop tomcat after apache, and start tomcat prior to apache.

$sudo /etc/init.d/apache stop
$sudo /srv/onecmdb/bin/onecmdb.sh stop

We'll start tomcat back up, but leave apache stopped for now. (remember to start it as onecmdb user)

$sudo sudo -u onecmdb /srv/onecmdb/bin/onecmdb.sh start

tomcat should now have created a mod_jk.conf file in /srv/onecmdb/tomcat/conf/auto/mod_jk.conf We want to modify mod_jk.conf to use our new worker, and make it a public virtual host.

• Please adjust your mod_jk.conf to look like this:

########## Auto generated on Mon Nov 21 20:40:12 CST 2011##########

<IfModule !mod_jk.c>
  LoadModule jk_module "/usr/lib/apache2/modules/mod_jk.so"
</IfModule>

JkWorkersFile "/etc/apache2/workers.properties"
JkLogFile "/srv/onecmdb/tomcat/logs/mod_jk.log"

JkLogLevel emerg

NameVirtualHost=*:80

<VirtualHost *:80>
    ServerName yourserver_FQDN
    DocumentRoot /srv/onecmdb/tomcat/webapps

    JkMount /onecmdb-modeller onecmdb
    JkMount /onecmdb-modeller/* onecmdb

    JkMount /host-manager onecmdb
    JkMount /host-manager/* onecmdb

    JkMount /onecmdb-desktop onecmdb
    JkMount /onecmdb-desktop/* onecmdb

    JkMount /itil onecmdb
    JkMount /itil/* onecmdb

    JkMount /manager onecmdb
    JkMount /manager/* onecmdb
</VirtualHost>

Notice we add a DocumentRoot directive to where OneCMDB stores the application piece of it and a ServerName directive. We've also adjusted our <VirtualHost> directive to use *:80 and added a NameVirtualHost=*:80 directive to match. You could modify this accordingly to your server details. In my case I used IP based.

Next we need to modify the apache.conf (httpd.conf) to include the mod_jk.conf file

• Modify /etc/apache2/apache.conf to have an include and any required/wanted mod_jk Global configurations.

# Include mod-Jk configs for OneCMDB
Include /srv/onecmdb/tomcat/conf/auto/mod_jk.conf

# Where to find workers.properties - OneCMDB already includes this in mod_jk.conf
#JkWorkersFile /etc/apache2/workers.properties

# Where to put jk logs
JkLogFile /var/log/apache2/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

At this point we are ready to see if it works.

• Start apache and hope for no errors

$sudo /etc/init.d/apache start

Hopefully there are no errors!

If you have suggestions please feel free to send them to Noah.

Home | Back