We're starting with a fully configured Debian 6.0.3 box. This particular box is running shorewall in a Three-Interface Firewall configuration. SSH is running on all "networks", and DHCP is running on the local network. An unconfigured Nagios Core is also running on this machine, along with a web server.
What is OneCMDB?
OneCMDB is a Configuration Management Database (CMDB) tool that includes Nagios configuration and NMAP discovery tools to populate the database. If you are curious about the mechanics of OneCMDB, check out their site.
What is a CMDB?
Put simply, a CMDB keeps track of all items in an IT infrastructure. This includes things like the servers, PCs, applications, people, organizations, locations and their relationships. OneCMDB is designed to be an ITIL-compliant CMDB. Technically, OneCMDB is a self-contained Tomcat, DBMS and Java application.
$ wget http://sourceforge.net/projects/onecmdb/files/onecmdb%20%28latest%20version%29/2.1.0/onecmdb-2.1.0-linux.i386.tar.gz
$ tar -xzf onecmdb-2.1.0-linux.i386.tar.gz
$ sudo mv ./onecmdb /srv
$ sudo useradd -r -d /srv/onecmdb -s /bin/false onecmdb
$ sudo chown -R onecmdb:onecmdb /srv/onecmdb
$ sudo vim /srv/onecmdb/tomcat/webapps/ROOT/WEB-INF/classes/onecmdb.xml
<!-- Configuarting inition beans -->
<bean id="initSession" class="org.onecmdb.core.internal.session.Session">
  <constructor-arg value="admin" />
  <constructor-arg value="123" />
  <constructor-arg ref="onecmdb" />
</bean>
<bean id="initScope" class="org.onecmdb.core.utils.xml.BeanScope">
  <property name="beanProvider">
    <ref bean="defaultProvider" />
  </property>
  <property name="validation" value="false"/>
</bean>
Change the first two "constructor-arg value" attributes to the user name and password of your choice. Example:
<bean id="initSession" class="org.onecmdb.core.internal.session.Session">
  <constructor-arg value="fyiGuyAdmin" />
  <constructor-arg value="fyiGuysPassword" />
  <constructor-arg ref="onecmdb" />
</bean>
<!-- In Memory -->
<!-- =================================================================== -->
<bean id="memoryAuthenticationDao" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap" >
    <value>
      kalle=123,ROLE_USER
      admin=123,ROLE_USER,ROLE_ADMIN
    </value>
  </property>
</bean>
Change admin to the user name you defined earlier, and 123 to the password you defined earlier. You can delete the kalle line completely. Example (based on the previous example):
<!-- In Memory -->
<!-- =================================================================== -->
<bean id="memoryAuthenticationDao" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap" >
    <value>
      fyiGuyAdmin=fyiGuysPassword,ROLE_USER,ROLE_ADMIN
    </value>
  </property>
</bean>
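A quick way to confirm that both credential locations were actually changed, as an added example that is not part of OneCMDB or of the original post. It assumes both beans live in one bean file without XML namespaces, compares user names exactly, and runs here on a constructed sample in which only initSession was edited.

```python
import xml.etree.ElementTree as ET

DEFAULT_CREDS = {("admin", "123"), ("kalle", "123")}  # pairs in the stock file above

def parse_user_map(text):
    """Parse userMap lines of the form name=password,ROLE_A,ROLE_B."""
    users = {}
    for line in (text or "").splitlines():
        name, sep, rest = line.strip().partition("=")
        if sep:
            users[name.strip()] = rest.split(",")[0].strip()
    return users

def audit(xml_text):
    """Return findings for the two credential locations in the bean file."""
    beans = {b.get("id"): b for b in ET.fromstring(xml_text).iter("bean")}
    findings, init, users = [], None, None
    if "initSession" in beans:
        vals = [a.get("value") for a in beans["initSession"].findall("constructor-arg")]
        init = tuple(vals[:2]) if len(vals) >= 2 and all(vals[:2]) else None
    if "memoryAuthenticationDao" in beans:
        users = parse_user_map(beans["memoryAuthenticationDao"].findtext(".//value"))
    if init in DEFAULT_CREDS:
        findings.append(f"initSession: default credentials for {init[0]!r}")
    for name, password in (users or {}).items():
        if (name, password) in DEFAULT_CREDS:
            findings.append(f"userMap: default credentials for {name!r}")
    if init and users is not None:
        if init[0] not in users:
            findings.append(f"userMap: no entry for initSession user {init[0]!r}")
        elif users[init[0]] != init[1]:
            findings.append(f"userMap: password for {init[0]!r} differs from initSession")
    return findings

# Constructed sample: initSession was edited, userMap still holds the defaults.
SAMPLE = """<beans>
<bean id="initSession" class="org.onecmdb.core.internal.session.Session">
  <constructor-arg value="admin" /> <constructor-arg value="example-password" />
  <constructor-arg ref="onecmdb" />
</bean>
<bean id="memoryAuthenticationDao"
      class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap"><value>
    kalle=123,ROLE_USER
    admin=123,ROLE_USER,ROLE_ADMIN
  </value></property>
</bean>
</beans>"""

print("\n".join(audit(SAMPLE)))
```

To check a real installation, pass the contents of the edited file to `audit()` instead of `SAMPLE`.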
$ sudo sudo -u onecmdb /srv/onecmdb/bin/onecmdb.sh start
OneCMDB can be stopped by using the same script with the stop argument (onecmdb.sh stop).
As a final step, we will modify shorewall to allow connections on port 8080.
$ sudo vim /usr/share/shorewall/macro.HTTP
Modify macro.HTTP to look like below -
#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
#                               PORT(S) PORT(S) LIMIT   GROUP
PARAM   -       -       tcp     80
#Custom modified for port 8080
PARAM   -       -       tcp     8080
$ sudo shorewall refresh
You should now be able to see and log on to OneCMDB at http://domain:8080.
OneCMDB is now functional and no further modification need be done. However, the following configurations are helpful.
I haven't determined the best way of doing this yet. It comes to mind to use the daemon function in the rc.local file. I'm not experienced enough to say this is a sound or feasible solution.
Feel free to send your solutions to Noah.
Why?/What?
Currently OneCMDB is running on the default Tomcat port (8080), but you may want to have Apache (httpd) handle all web requests and block port 8080. Or, even better, you may be attempting to access OneCMDB from behind a firewalled network that doesn't allow any traffic in or out on port 8080. mod_jk creates a way for Apache to forward specified requests to Tomcat. It also appears that, with some advanced configuration, this can be a large performance boost; we will not cover that here.
Disclaimer: I'm not very experienced with this configuration, or Java applications such as this. So I'm still working on a bit more robust solution. If you have any advice please feel free to update me.
We will be using the same box we just installed OneCMDB on, and assuming you installed OneCMDB to the /srv directory.
$ sudo aptitude install libapache2-mod-jk
$ sudo vim /etc/apache2/workers.properties
The workers.properties file defines the workers, which act like listeners for Apache. A worker will translate requests from Apache to Tomcat for us.
Here is an example. You can copy the examples; just be sure to use the names in them consistently.
#Workers.properties file for OneCMDB
#Env variables
workers.tomcat_home=/srv/onecmdb/tomcat
workers.java_home=/srv/onecmdb/jre
#workers list
worker.list=onecmdb
#workers definition
# Default AJP13 port is 8009
worker.onecmdb.port=8009
# host should be the IP or host name of the backend tomcat instance
worker.onecmdb.host=lancen.mdns.org
# Worker type AJP13, AJP14 or lb
worker.onecmdb.type=ajp13
$ sudo vim /srv/onecmdb/tomcat/conf/server.xml
We will add the listener at the very bottom, just after the closing host tag. Edit your server.xml to have the following <Listener…./> tag.
      </Host>
      <Listener className="org.apache.jk.config.ApacheConfig"
                modJk="/usr/lib/apache2/modules/mod_jk.so"
                workersConfig="/etc/apache2/workers.properties"/>
    </Engine>
  </Service>
</Server>
It is important to note that, from now on, you must always stop Tomcat after Apache, and start Tomcat prior to Apache.
$ sudo /etc/init.d/apache2 stop
$ sudo /srv/onecmdb/bin/onecmdb.sh stop
We'll start Tomcat back up, but leave Apache stopped for now (remember to start it as the onecmdb user).
$ sudo sudo -u onecmdb /srv/onecmdb/bin/onecmdb.sh start
Tomcat should now have created a mod_jk.conf file at /srv/onecmdb/tomcat/conf/auto/mod_jk.conf. We want to modify mod_jk.conf to use our new worker, and make it a public virtual host.
########## Auto generated on Mon Nov 21 20:40:12 CST 2011##########
<IfModule !mod_jk.c>
  LoadModule jk_module "/usr/lib/apache2/modules/mod_jk.so"
</IfModule>
JkWorkersFile "/etc/apache2/workers.properties"
JkLogFile "/srv/onecmdb/tomcat/logs/mod_jk.log"
JkLogLevel emerg
NameVirtualHost *:80
<VirtualHost *:80>
  ServerName yourserver_FQDN
  DocumentRoot /srv/onecmdb/tomcat/webapps
  JkMount /onecmdb-modeller onecmdb
  JkMount /onecmdb-modeller/* onecmdb
  JkMount /host-manager onecmdb
  JkMount /host-manager/* onecmdb
  JkMount /onecmdb-desktop onecmdb
  JkMount /onecmdb-desktop/* onecmdb
  JkMount /itil onecmdb
  JkMount /itil/* onecmdb
  JkMount /manager onecmdb
  JkMount /manager/* onecmdb
</VirtualHost>
Notice we add a DocumentRoot directive pointing to where OneCMDB stores its web applications, and a ServerName directive. We've also adjusted our <VirtualHost> directive to use *:80 and added a NameVirtualHost *:80 directive to match. You could modify this according to your server details. In my case I used IP based.
Next we need to modify the apache.conf (httpd.conf) to include the mod_jk.conf file:
# Include mod-Jk configs for OneCMDB
Include /srv/onecmdb/tomcat/conf/auto/mod_jk.conf
# Where to find workers.properties - OneCMDB already includes this in mod_jk.conf
#JkWorkersFile /etc/apache2/workers.properties
# Where to put jk logs
JkLogFile /var/log/apache2/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
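Before starting Apache, the names used across workers.properties and mod_jk.conf can be cross-checked; the following is an added example, not part of the original post or of mod_jk. It reports a JkWorkersFile path that differs from the file that was edited, JkMount lines naming a worker that worker.list does not declare, and Tomcat management contexts (/manager, /host-manager) published by the virtual host, so that exposing them is a deliberate choice. The sample files are constructed.

```python
import re

ADMIN_CONTEXTS = {"/manager", "/host-manager"}  # Tomcat management apps

def worker_names(workers_text):
    """Names declared on worker.list lines of a workers.properties file."""
    names = set()
    for line in workers_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "worker.list":
            names.update(n.strip() for n in value.split(",") if n.strip())
    return names

def check(workers_path, workers_text, modjk_text):
    """Cross-check mod_jk.conf against the workers file that was edited."""
    findings, declared, exposed = [], worker_names(workers_text), set()
    for m in re.finditer(r'^[ \t]*JkWorkersFile[ \t]+"?([^"\s]+)', modjk_text, re.M):
        if m.group(1) != workers_path:
            findings.append(f"JkWorkersFile loads {m.group(1)}, not {workers_path}")
    for m in re.finditer(r"^[ \t]*JkMount[ \t]+(\S+)[ \t]+(\S+)", modjk_text, re.M):
        path, worker = m.groups()
        if worker not in declared:
            findings.append(f"JkMount {path}: worker {worker} is not in worker.list")
        context = path[:-2] if path.endswith("/*") else path
        if context in ADMIN_CONTEXTS:
            exposed.add(context)
    findings += [f"{c} is published by this virtual host" for c in sorted(exposed)]
    return findings

# Constructed sample files (not taken from a real host).
WORKERS_PATH = "/etc/apache2/worker.properties"  # path the workers file was saved under
WORKERS = """worker.list=onecmdb
worker.onecmdb.port=8009
worker.onecmdb.host=localhost
worker.onecmdb.type=ajp13
"""
MODJK = """JkWorkersFile "/etc/apache2/workers.properties"
<VirtualHost *:80>
    JkMount /itil onecmdb
    JkMount /itil/* onecmdb
    JkMount /onecmdb-desktop ajp13
    JkMount /manager onecmdb
    JkMount /manager/* onecmdb
</VirtualHost>
"""

print("\n".join(check(WORKERS_PATH, WORKERS, MODJK)))
```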
At this point we are ready to see if it works.
$ sudo /etc/init.d/apache2 start
Hopefully there are no errors!
If you have suggestions please feel free to send them to Noah.