Thursday, 21 April 2016

Docker container for Nagios

Docker container for Nagios
Full Description

docker-nagios

Docker container for Nagios 4.1.1
"Nagios Is The Industry Standard In IT Infrastructure Monitoring. Achieve instant awareness of IT infrastructure problems, so downtime doesn't adversely affect your business.Nagios offers complete monitoring and alerting for servers, switches, applications, and services."

Install dependencies

To install docker in Ubuntu 15.04 use the commands:
$ sudo apt-get update
$ wget -qO- https://get.docker.com/ | sh
To install docker in other operating systems check docker online documentation

Usage

To run container use the command below:
$ docker run -d -p 25 -p 80 quantumobject/docker-nagios
login : nagiosadmin password: admin please replace it after install.
to access the container please use :
$ docker exec -it container_id  /bin/bash
to replace password :
$ htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
Update (2015/03/19) Added NRPE checks support.

More Info

About Nagios www.nagios.org
To help improve this container quantumobject/docker-nagios
For additional info about us and our projects check our site www.quantumobject.org

SSHKey Generation

SSH Key generation:
-------------------------

Manually generating your SSH key in Windows

Modified: 06 Nov 2015 18:02 UTC
You can use PuTTY to generate your SmartMachine SSH key. PuTTY is a free open-source terminal emulator that functions much like the Terminal application in Mac OS X in a Windows environment. If you prefer a command line approach to SSH, you can use Cygwin to emulate a Linux-like environment on your Windows machine.
This topic shows you how to manually generate and upload an SSH key when working with PuTTY in the Windows environment.

About PuTTY

PuTTY is an SSH client for Windows that you will use to generate your SSH keys. You can download PuTTY fromwww.chiark.greenend.org.uk.
When you install the PuTTY client, you also install the PuTTYgen utility. PuTTYgen is what you will use to generate your SSH key for a Windows VM.

warning
This page gives you basic information about using PuTTY and PuTTYgen to log in to your provisioned machine. For more information on PuTTY, see the PuTTY documentation

Generating an SSH key

To generate an SSH key with PuTTYgen, follow these steps:
  1. Open the PuTTYgen program.
  2. For Type of key to generate, select SSH-2 RSA.
  3. Click the Generate button.
  4. Move your mouse in the area below the progress bar. When the progress bar is full, PuTTYgen generates your key pair.
  5. Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. You can use a key without a passphrase, but this is not recommended.
  6. Click the Save private key button to save the private key. Warning! You must save the private key. You will need it to connect to your machine.
  7. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and chooseSelect All.
  8. Right-click again in the same text field and choose Copy.
PuTTY key generator

Uploading an SSH key

Now you need to upload the copied SSH key to your Cloud Management portal.
  1. After you copy the SSH key to the clipboard, return to the Cloud Management portal.
  2. In the SSH Key field, paste your SSH key.
  3. In the Name field, provide a name for the key. Information Providing a key name is optional but is a good practice for ease of management.
  4. Click the Add this key button. See below.
uploading and ssh key
Warning! PuTTY and OpenSSH use different formats of public SSH keys. If the text you pasted in the SSH Key starts with —— BEGIN SSH2 PUBLIC KEY, it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with ssh-rsa AAAA….
Once you upload your SSH key to the portal, you can connect to your virtual machine from Windows through a PuTTY session.

Working with Git on Windows

Table of ContentsToggle

Setting up Git can be tricky on Windows compared to Linux or Mac, but if you follow the steps in this guide, you should have no problems using Git on Windows. We’ve done the hard work and chosen between the multiple options at key steps to help make things easier for you. This guide will take you through the steps to install and configure Git and connect it to remote repositories to clone, push, and pull. If you don’t have one already, create a Beanstalk account.

Choosing a Git distribution

There are two competing Git packages for Windows: a Cygwin-based Git and a version called msysGit. We will describe how to install the msysGit package. We recommend installing msysGit because we’ve found it’s easier to work with than the Cygwin based installation.

Installing Git

Once you have downloaded the msysGit executable, double click on it to start the installation wizard. Leave the default directory options. When you get to the “Adjusting your Path environment” setting, select the “Run Git from the Windows Command Prompt” option. Choosing this option will make it easy for you to run Git commands from the Windows Command Prompt (command line) if you choose. Command Prompt is a simple tool, where you can run commands, switch through folders, manage files and it can be ran by selecting RUN… in START menu, and executing cmd command.
Git Bash
You will notice that for the rest of this article we will use Git Bash for running Git commands. The Git Bash tool works in the same way as the default Windows’ Command Prompt, but has some special features. With Git Bash you’ll be able to use a number of UNIX command line tools along with access to Git, and we recommend it since it’s often simpler to use than the Windows Command Prompt.
You can run it by right clicking your mouse on the desktop, and selecting Git Bash from pop up window.
When you reach the step “Configuring the line ending conversions”, make sure to leave the option “Checkout Windows-style, commit Unix-style line endings” selected. This option makes sure that Git converts LF to CRLFwhen checking out text files. When committing text files, CRLF will also be converted to LF. This is a compatibility measure to protect newlines in text files, allowing you to easily work with text files on Windows and on Unix-style platforms.
Important note: The most common problems when setting up Git on Windows are related to SSH keys. Git uses SSH keys to securely access your repositories, and in Windows SSH keys are often searched on the wrong path when you try to use Git.
If you use an older version of msysGit, you may encounter a step called “Choosing the SSH executables”. If you encounter that dialog, we recommend that you choose the “Use OpenSSH” option.
After you have successfully installed Git on Windows, you’ll need to provide secure communication with your Git repositories by creating and installing SSH keys.

Installing SSH keys on Windows

To access your Git repositories you will need to create and install SSH keys. You can do this in two ways:
  • by using OpenSSH (generating SSH keys with ssh-keygen which comes with Git)
  • by using PuTTY (free Telnet and SSH client)
OpenSSH and PuTTY are free implementations of Telnet and SSH for Windows. They encrypt all traffic and provide secure communication with your remote Git repositories by using SSH keys.
We recommend OpenSSH over PuTTY, and it’s installed with your Git copy. PuTTY is recommended only for advanced users who are already familiar with how Git with SSH keys work.

Using OpenSSH and generating SSH keys with ssh-keygen

To communicate with the remote Git repository in your Beanstalk account from your Windows computer, you will need to generate an SSH key pair for that computer. This process requires only a few steps, but you do first need to install msysGit using the full installer as described above.

Generating a key pair

To do this you need to run Git Bash, which can be found in your START menu. Run the command:
ssh-keygen -t rsa
It will ask for location and pass phrase. Accept the default location (usually C:\Documents and Settings\username\.ssh\ or C:\Users\username\.ssh) by pressing ENTER. After that, make sure to set a strong pass phrase for the key.
Now that the keys are generated, open the file id_rsa.pub (found in the default location from the previous step) with a text editor. The contents of this file is your new public key. If you copy it to your clipboard, you can add it to your Beanstalk profile (under the PROFILE AND SETTINGS  KEYS= section).
Your SSH public key should look something like this:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyyA8wePstPC69PeuHFtOwyTecByonsHFAjHbVnZ+h0dpomvLZxUtbknNj3+
c7MPYKqKBOx9gUKV/diR/mIDqsb405MlrI1kmNR9zbFGYAAwIH/Gxt0Lv5ffwaqsz7cECHBbMojQGEz3IH3twEvDfF6cu5p
00QfP0MSmEi/eB+W+h30NGdqLJCziLDlp409jAfXbQm/4Yx7apLvEmkaYSrb5f/pfvYv1FEV1tS8/J7DgdHUAWo6gyGUUSZ
JgsyHcuJT7v9Tf0xwiFWOWL9WsWXa9fCKqTeYnYJhHlqfinZRnT/+jkz0OZ7YmXo6j4Hyms3RCOqenIX1W6gnIn+eQIkw==
Mac Pro
In your Beanstalk account, SSH key would look like this:
SSH Key Details in Beanstalk
After you have setup the SSH key on Beanstalk, you should be able to check a connection and then push or pull with your remote Git repository. In case you have trouble with SSH keys check $HOME path in your Windows operating system. Some other software can change HOME or HOME_PATH environment variable to point to different location, instead of your real home (Documents and Settings) directory.

Checking your connection

Before trying to access your Beanstalk repository, check if the connection to your remote repository works. In order to do that, run Git Bash, and enter this command, replacing accountname with your account name:
ssh git@accountname.beanstalkapp.com
In this case, this is the URL to access Git on your Beanstalk account. If you are using another version control hosting service, the URL would be provided by them.
When authenticating or later when trying to connect to Git repository most likely you will encounter a message that looks like this:
The authenticity of host 'accountname.beanstalkapp.com (204.232.132.2)' can't be established.
RSA key fingerprint is 30:9a:97:f3:19:4f:d1:6e:28:76:9e:e7:d1:df:2c:31.
Are you sure you want to continue connecting (yes/no)?
You can type yes and press ENTER, which will add your account’s hostnameaccountname.beanstalkapp.com to a known_hosts file. This step won’t need to be repeated later, unless your public key or your account names changes.
If you were authenticated correctly, you will see a message similar to this one:
You were successfully authenticated as [emailaddress] in accountname.beanstalkapp.com.
You can now continue to configure your local Git profile.

In case you have installed TortoiseGIT

GIT_SSH Variable
If you have ever installed TortoiseGit on the computer you’re setting up your keys on, you may encounter problems. TortiseGit creates an environment variable that configures Plink as your SSH keystore, which may conflict when you try to use Git and SSH. No matter how you change your config or uninstall TortoiseGit, that environment variable persists and until you delete it, Git will not look to your regular .ssh directory to find the proper key.
In our case environment variable looked like this:GIT_SSH=c:\Program Files\Putty\plink.exe. Environment variables can be found here:
  • Windows XP: CONTROL PANEL  SYSTEM PROPERTIES  ADVANCED  ENVIRONMENT VARIABLES
  • Windows 7: CONTROL PANEL  SYSTEM  ADVANCED SYSTEM SETTINGS  ENVIRONMENT VARIABLES

Having problems connecting to your Git repository on Windows 7?

Our users have reported problems when generating SSH keys on Windows 7 systems. If that happens for you, try generating your SSH keys on Windows XP if possible. After generating the private and public keys (following the steps to generate keys are provided above in the Generating a key pair chapter), copy the files to default SSH keys location in Windows 7 (usually C:\Documents and Settings\username\.ssh\ orC:\Users\username\.ssh).

Alternative to OpenSSH — using PuTTY to access your Git repository

Installing Git and using PuTTY to connect to your Git repository can be troublesome, so we recommend that you use the OpenSSH method which we described in the steps above. Using OpenSSH is simple and straightforward, but if OpenSSH is not an option, or for some other reason you prefer to use PuTTY to connect to your repositories, here is a step by step guide on how to do so.
Like OpenSSH, you will generate SSH keys and use them to communicate with your remote Git repositories, only now you will use PuTTY’s tools for generating, storing, and using the keys.

Installing PuTTY

You can download the PuTTY installation package and run it. The latest installation package at the moment of writing this article is putty-0.60-installer.exe which can be found under “A Windows installer for everything except PuTTYtel” heading.
Install PuTTY to the default recommended location, typically c:\Program Files\PuTTY\. Once installed, navigate to the installation folder where you will find:
  • plink – a command-line interface to the PuTTY back ends
  • puttygen – an RSA and DSA key generation utility
  • pageant – an SSH authentication agent for PuTTY, PSCP and Plink, in which we will store keys
  • putty – the Telnet and SSH client
You will also find some other files, but for this guide you only need to know about plink, puttygen, pageant and putty.

Adding GIT_SSH variable to environment

After you have installed PuTTY package, you’ll need to add a GIT_SSH variable to your environment variables which should point to the plink.exe file (including its entire path). Accepting our defaults from above, this will likely be: GIT_SSH=c:\Program Files\Putty\plink.exe
Environment variables can be found and created/edited here, depending on your version of Windows:
  • Windows XP: CONTROL PANEL  SYSTEM PROPERTIES  ADVANCED  ENVIRONMENT VARIABLES
  • Windows 7: CONTROL PANEL  SYSTEM  ADVANCED SYSTEM SETTINGS  ENVIRONMENT VARIABLES

Generating SSH key with puttygen

PuTTY Key Generator
After setting up the environment variable, you need to generate and save SSH keys with puttygen. Run puttygen.exe, which will allow you to generate a SSH-2 RSA public/private keypair. Once generated, save the public and private keys to a folder of your preference, just make sure to note the folder where the keys are shared. Easiest way to remember which is the private/public key is to name them private and public so you can distinguish them later.
Before leaving puttygen, copy the public key to your clipboard and paste it into your version control hosting account (in Beanstalk, under the PROFILE AND SETTINGS KEYS section).
Please note that when you generate a key with puttygen, the public key that you copy from puttygen and the public key you save to a file for later use are not in the same format. You can see on the picture below that the public key was saved with new lines and without the “ssh-rsa” keyword. In order to copy and paste the public key to Beanstalk, you need to copy it in the same format as it was when it was generated by puttygen. That format should be: “ssh-rsa keycodegenerated”. All you need to do is modify your key in an editor like Notepad, and then add it to Beanstalk.
Puttygen Public SSH Key Details

Adding your private key to pageant

Pageant Key List
After you have generated the SSH keypair, you need to add the SSH private key to pageant, PuTTY’s key management tool. First, run pageant, which can be found in the directory where you have installed PuTTY package (remember, by default: c:\Program Files\PuTTY\). You will see a small icon in your system tray (see the screenshot to the right), which indicates pageant is started. Click on the icon and in pageant window click “Add Keys”. Add the private key that was generated by puttygen in the previous step. The private key has extension .ppk, that is the easiest way to distinguish it from the public key you have created.
After you add the SSH key, you should see it in pageant key list.

Checking your connection

Once you have finished setting up PuTTY, all you need to do is check if the connection to your remote hosted Git repository works if you installed Git.
If you still haven’t installed Git download the msysGit executable, double click on it and the installation wizard should start. Leave the default directory options. When you get to the “Adjusting your Path environment” setting, select the “Use Git Bash only” option. Choosing this option will help you avoid path conflicts.
After you have installed Git run Git Bash and go to the directory where you have installed PuTTY and try to access your repository by typing this:
set Git
putty git@accountname.beanstalkapp.com:/gittreponame.git
If you are not authenticated correctly, a message like the following screenshot will pop up:
Putty Error
If you are authenticated correctly, a new window will pop up with message like this:
Using username "git"
Authenticating with public key "rsa-key-20110518" from agent
Pop up window will close shortly after authentication is finished, which means authentication was successful and you should be able to manage your Git repositories from now on.

Setting up Git profile

After you have authenticated correctly by installing Git and setting up SSH keys, before you start using your Git repositories, you should setup your Git profile by typing following after you run Git bash in command line:
git config --global user.name "Firstname Lastname"
git config --global user.email "your_email@youremail.com"
In case you are using Beanstalk for version control, it would be best if your first name, last name and email address match to the ones you use in your account to avoid any conflicts.

Summary

In order to be able to use your repository you need to:
  • Install Git
  • Generate SSH keys with PuTTY or ssh-keygen
  • Put keys in correct place (in pageant for PuTTY, in correct .ssh folder for OpenSSH)
  • Check if connection to the Git repository is working
  • Setup your Git profile
While setting up Git the most common mistakes include mismatched private and public SSH keys or the user doesn’t have permission to access the repository. If you run into any issues connecting to Beanstalk, don't hesitate to contact us using the links below.

Now what?

Now that you have Git properly installed and configured, you can use a client of your choice. Whether youchoose a terminal or a GUI, it is a good idea to learn the basic concepts and commands for versioning your files before. Here’s some recommended reading to get you started:


Saturday, 16 April 2016

PuppetClient Server Architecture

Puppet server client setup:

Puppet is a system that is used for automating system administration tasks. Almost all system administrators try to get rid of their daily repetitive and boring routine tasks with the help of scripting to automate them.
But there are issues with scripting and automating, that’s why we prefer to use Puppet configuration management tool that is extremely powerful in deploying, configuring and managing a server machine. Puppet keeps the configurations of your hosts under check and can used in one shot to configure a machine from scratch like installing packages, configurations and to create and manage users.
Let’s see how it works for a master and client installation and configuration on Ubuntu 14.04 that will consists of central Puppet Master Server where all of your configuration data will be managed and distributed, while the remaining servers will be acting as Puppet Agent nodes, which can be configured by Puppet Master Server.

Prerequisites

We will be using two virtual machines in this tutorial with Ubuntu 14.04 operating system installed on these with their static IP addresses and hostnames configured properly.
Let’s open the /etc/hosts file and configure it according to your infrastructure environment.
root@ubuntu-puppet:~# vim /etc/hosts
192.168.1.90  ubuntu-puppet.test.com      ubuntu-puppet
192.168.1.91   ubuntu-client.test.com      ubuntu-client
Where the ubuntu-puppet will serve as Master Puppet while we will install its agent on ubuntu-client.
Since Puppet is not in basic Ubuntu distribution repositories, we have to add a custom repository provided by Puppet Labs. On all servers in which you want to use Puppet, download and install the repository by executing following commands on each server.
root@ubuntu-puppet:~# wget http://apt.puppetlabs.com/puppetlabs-release-trusty.deb
root@ubuntu-client:~# wget http://apt.puppetlabs.com/puppetlabs-release-trusty.deb
To install the downloaded repository from puppet labs, let run the following commands to install.
root@ubuntu-puppet:~# dpkg -i puppetlabs-release-trusty.deb
root@ubuntu-client:~# dpkg -i puppetlabs-release-trusty.deb
Now update your system with latest packages and repositories with below command on each server.
root@ubuntu-puppet:~# apt-get update
root@ubuntu-puppet:~# apt-get update
The server acting as a puppet master should have its system time set accurately. To set, accurate system time you should probably use NTP service. Use the following command to install ntp server on your master puppet server.
root@ubuntu-puppet:~# apt-get -y install ntp
root@ubuntu-puppet:~# service ntp restart

Puppet Master Installation

Now we are ready to proceed with the install installation of puppet packages which will fetch all necessary prerequisites and requirements.
Once system time is set correctly, you can install latest versions of Puppet using Puppet Labs package repository on your correspondent Linux versions.
root@ubuntu-puppet:~# apt-get install puppetmaster
The output shows the successful installation of puppetserver and its running services. We can check the puppet version with below command.
root@ubuntu-puppet:~# puppet -V
3.8.1
Now we need to lock the puppet version update as this will hamper the configurations while updating Puppet. It will not update Puppet while running updates in the system. We can do these settings by creating a new file with following configurations as shown.
root@ubuntu-puppet:~# vim /etc/apt/preferences.d/00-puppet.pref
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501
:wq!

Puppet Master Configuration

To configure puppetmaster, we need to change its puppet.conf file, where we will just comment out this line templatedir=$confdir/templates while other parameters will remain as same.
After making required changes to the configuration file now restart master puppet services.
root@ubuntu-puppet:~# service puppetmaster stop
root@ubuntu-puppet:~# service puppetmaster start
At this stage our master puppet server is ready, now let’s move towards its client setup on another virtual machine with Ubuntu 14.04 Operating system installed.

Puppet Client Installation

As we had already done with installation of its prerequisites, now simply run the following command to installpuppet client on the host that will be interacted with Puppet Master Ubuntu server.
root@ubuntu-client:~# apt-get install puppet

Puppet Version Lock

In the same way as we did for Puppet master server, we will lock the Puppet version so that it may not cause any issue during the operating system updates.
To check the installed puppet version use puppet -V command and then create a new file called in the apt preferences directory with following configurations changes.
root@ubuntu-client:~# puppet -V
3.8.1
root@ubuntu-client:~# vim /etc/apt/preferences.d/00-puppet.pref
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501
:wq!
Now it will not update the Puppet while running updates in the system, so let’s proceed with Puppet client configuration in following steps.

Puppet Client Configurations

Open the configuration file of puppet client by using any of your favorite editor and configure its parameters as shown. We will comment out the [master] configurations here and will add the new lines under[agent] as shown.
root@ubuntu-client:~# vim /etc/puppet/puppet.conf 

Enable Puppet Service

To enable puppet service we have to make changes in its default configurations file. Setting this to “yes” allows the puppet agent service to run.
root@ubuntu-client:~# vim /etc/default/puppet
START=yes
:wq!
Save the changes and start puppet agent services with below command.
root@ubuntu-client:~# service puppet start
 * Starting puppet agent
The output shown confirms that our client machine is ready to communicate with puppet master server.

Exchange Certificates from Master to Client Puppet

Now we are going to generate new certificates for Master Puppet to Client Puppet communications because after successful configuration of Puppet client it will search for Puppet master Server and ask for cert request before accepting any administrative instructions from Master puppet server.
Let’s run the command at Puppet Master Ubuntu server to view such cert requests.
root@ubuntu-puppet:~# puppet cert list
"ubuntu-client.test.com" (SHA256) 37:23:4B:89:F4:F4:35:A1:4E:53:A8:BE:D6:98:C6:C5:39:98:62:6F:02:3E:5A:D0:B6:3C:C9:3D:F5:F7:09:94
The above output shows that the ubuntu-client came to master Puppet and ask for certs request. Now the puppet master server must sign the cert requested from puppet client with following command.
root@ubuntu-puppet:~# puppet cert sign ubuntu-client.test.com
Notice: Signed certificate request for ubuntu-client.test.com
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu-client.test.com at '/var/lib/puppet/ssl/ca/requests/ubuntu-client.test.com.pem'
It means that the request from the Client Puppet has been accepted by the Puppet Master server. To confirm we can check this by executing the following command at Master Puppet server as.
root@ubuntu-puppet:~# puppet cert list -all
+ "ubuntu-client.test.com" (SHA256) 5D:7F:0A:A3:48:D3:65:69:94:91:3E:C3:1C:0F:56:63:BA:1C:2C:8A:DB:F5:18:68:76:BB:41:04:4B:DD:56:0C
+ "ubuntu-puppet.test.com" (SHA256) E1:C7:3C:CE:81:EB:C0:24:1F:5C:B6:D5:0D:93:58:12:18:00:70:D2:7A:8F:C0:47:1C:74:FD:CA:D6:DC:A2:77 (alt names: "DNS:puppet", "DNS:puppet.test.com", "DNS:ubuntu-puppet.test.com")
Where the + sign in the output shows the successful certificate signing at the master puppet server.
We can also view the certificates fingerprint on the client puppet machine by running the following command on the Client Puppet machine as below.
root@ubuntu-client:~# puppet agent --fingerprint
Similarly we can add any number of clients with Puppet master Ubuntu Server and sign the cert requests from the clients and do the administrations centrally through the Puppet Master server.

Once ipaddress is provided in puppet master as well as client, then in the client :
please enter: puppet agent -t     
It will throw some error like Exiting; no certificate found and waitforcert is disabled
do not worry about it, go back to master and there we have to execute the command: puppet cert list

First we need to update the host name in puppet master and agent ,  and then try to ping from each other ,if they are able to ping each other then it is working fine.
they are able to connect to each other.
 next step is to create hand shake between puppet master and puppet client.
for this we have to mention in the puppet client conf.file server=puppethostname 
once it is done: execute the command from the puppet client : puppet agent -t
This command will send an request to puppet master, there you will the request by executing the command : puppet cert list :
Now handshake is made, you have to confirm the communication.


Set Up the Puppet Master

enable the puppetlabs-release repository on Ubuntu 14.04, unpackage it, and update your system. This process downloads a .deb file that will configure the repositories for you:
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update
wget puppetlabs-release-pc1-OS-VERSION.noarch.rpm
[main]
dns_alt_names = puppet,puppet.example.com

In Agent Node
[main]
serverserver = puppet.example.com
service puppet restart