skip to main content

op5 Appliance system

op5 Appliance system
Introduction
This document is intended for the System administrator that has the operational responsibility for the op5 system. You are expected to have good knowledge and understanding of computers but you don’t have to have any prior UNIX or Linux knowledge.
This document will try to give you a brief overview of the underlying system that is the base for the op5 appliance and it will cover most basic things that are needed to manage the day to day operation.
Fundamentals
op5 System
op5 utilizes CentOS 5 as the operating system. CentOS is an Enterprise-class Linux Distribution derived from Red Hat Enterprise Linux sources. This means that CentOS 5 is binary compatible with Red Hat Enterprise Linux 5. The op5 System contain a basic but minimal CentOS server installation as a base. On top of that we add common tools and applications needed by op5 products. The op5 System also contain a number of custom, op5 made tools and applications.
All applications are distributed as RPM packages, and made available for customers on our support web www.op5.com/support and in our yum repositories.
System access
There are three ways to access an op5 System.
1
2
3
By HTTPS using a standard web browser
The portal page
The third way, HTTPS access, is used to access the web interfaces for op5 products and the op5 System portal page. You can use the portal page to configure your system, gather information about installed software and retrieve information regarding new patches from op5 Support web. You find the portal by directing your web browser to the op5 System, https://<server-address>. The portal page also contains links to any installed op5 products.
The product logos on the portal page links to the respective products web page.
Console and SSH access
You can also administer the system by SSH. SSH is much like telnet but it is encrypted so that nobody can see or interfere with what you are typing. To use SSH you must install a SSH client software at your computer. Most Linux distributions comes with a SSH client included and there are several SSH clients available free of charge for Microsoft Windows.
We recommend putty that can be found on http://www.chiark.greenend.org.uk/~sgtatham/putty/
 
An other capable SSH client for Microsoft Windows can be found at http://www.ssh.com/. It is only free for non-commercial use though. This client also includes an interface to transfer files in a secure manner from and to the op5 server.
You need to access the system via the console or by SSH to install upgrades and patches.
System accounts
To change the configuration of a op5 System you need to log on. The root account is the superuser of the system and equal to the Administrator account in Windows.
The default password for user root is monitor.
Note:
You should Change password as soon as possible after installation to block unauthorized access.
Be aware that when you are logged on the system as root you have the power to literally wipe the system out, so be careful and if unsure take a backup before performing any changes (read more on backups below Backing up the System).
Install / Restore
Install a new system
To install a new op5 System you need the op5 Installation / Recovery CD. If you have not received the cd with the system you can download it as an .iso file from www.op5.com/support/downloads/ and create a installation cd using your favorite cd-creation program.
Assure that you have console access by connecting a monitor and keyboard to the op5 System.
Insert the op5 Installation / Recovery CD and reboot the system (read more in the Shutdown or restart section). If the system already is powered off, simply power it on and insert the cd before the system bootup sequence has started.
Follow the instructions the on-screen instructions.
System configuration
Using the web gui portal page
The easiest way to configure your op5 system is to use the web interface at https://<your ip>/ and click Configure System.
Note:
This is only valid if you have enabled DHCP on the net where your op5 System is placed. If not you have to setup your network from the console.
To start configuring you need to log on using the password for the root account. Initial login information is:
password: monitor
Settings
Configuring step by step
The settings can be configure step by step in a similar way as the old wizard. On every object, except for the last one (Network), you can click on either Apply & continue or Skip & continue to either save the new settings or leave them with the old value and continue.
To save the new value and stay in the same settings part click Apply.
Time Settings
Here you configure NTP (Network Time Protocol) and clock settings.
To add a new time server
Type in the new server name in the NTP server textfield and click on Add. Remember to click Apply to save the new settings.
Email
Here you configure settings for the email server on you op5 system.
Note:
If you dont configure any relay host or fallback relay, then op5 system will act as a regular MTA and send the mails to whatever mail server that is responsible for the receiving mail domain.
Beside adding a relay host, fallback relay host you can also send a test message.
To send a test message type in the recieving email address in the Email Address field and click Send test message.
SMS
Here you configure settings for the sms modem.
If you have a pin code on your sim card type in the code in PIN code.
Modem type
op5 have two types of modems. Depending on what modem type you have you should set the baud rate needed. The table below describes the diffrent settings.
Network Settings
Here you can set up static address on your interfaces or turn on DHCP instead. You can also add a bonding interface here and decide wich interfaces to bond.
As default the op5 Appliance system uses DHCP on all network interfaces, this is also the case for the DNS settings.
To change the host name
1
Click Static on the DNS settings.
2
Change the host name in the Host name text field.
3
Click Apply and then Apply at the bottom of the page.
 
Editing DNS settings
You can chose between static DNS settings or use DHCP to set the DNS settings.
To change the DNS settings
1
Click Static or DHCP, in this case we use Static.
2
 
 
Setting up static address
To setup a static address on an interface
1
Click on Static on the interface you like to configure.
2
Fill in IP Address, Netmask, Gateway and click Apply.
3
Click Apply on the bottom of the page.
 
To setup DHCP on an interface
1
Click DHCP on the interface you like to use DHCP.
2
Click Apply.
3
Click Apply on the bottom of the page.
Setting up a bonding interface
Setting up a bonding interface is devided into two steps:
*
*
 
To setup a bonding interface
1
Click Create a new bond interface.
2
Click either Static or DHCP, in this case we use Static.
3
Fill in IP Address, Netmask, Gateway and click Apply.
To assign physical interfaces to a bonding interface.
1
Click on Bond on the interfaces you like to assign to this bonding interface.
2
Chose bonding interface and click Apply repeat this for every interface you like to add.
3
Click Apply at the bottom of the page.
Backup
Here you configure automatic backup of your op5 system. A local storage path can also be set to a mount point for a mounted external file system, i.e. a shared folder at a remote server.
There are only two types of storage to chose between:
*
*
Note:
op5 backup will not backup logs of op5-logserver, so you better have remote archive setuped for this, or backup them manually.
Maintenancse
Update system
If your server has got Internet access you can use this as a frontend to the comand line tool yum.
Enable nightly updates if you like the updates to be installed automatic as soon as they are released.
If you have any packages listed in Available updates select the one you like to install and click Install. During the update process you will not be able to start an other update.
Backup now
Starting from op5 Appliance system 3.5 you can make manual backups.
There are two types of backups that can be made here:
*
*
 
The default backup type will backup up the same things that are backed up in the automated one.
The change arch backup is excluding things like binaries and other archetecture dependet stuff. This make the arch backup perfect to use if you are changing from op5 appliance system 32 bits to 64 bits.
To make a manual backup
1
2
3
4
 
 
Now when your backup is done you should save your backupfile.
The backupfile is actually a normal tar file but with .backup as extension instead and it can be used with the normal op5-restore utillities.
The file will be saved in the filesystem (/var/www/html/backups/) on your op5 Appliance system so you migth download it over scp.
To save the newly created backupfile click download and save it where ever you like.
Services
Sometimes you might want to stop, start or restart a service on you op5 Appliance system. Here you have the possibility to do that without loggin in to server over ssh or directly on the console.
The list does not contains all services on the server.
To stop, start or restart a service
1
2
Click stop, restart or start on the same line as the service name of the service you like to change the state of. The service will change state at once.
 
Change password
Here you can change the password of the root user. Note that this is the root user of the system so its important to keep it safe.
License
Here you add your op5 license. Make sure that your license correspond to your usage. By adding your licence file you also gain access to updates using the 'yum update' command. Please see the sections Update system or YUM update manager , for more information.
To add a license file
1
Click License Information in the main menu.
2
Click Browse and chose the license file.
3
Click Upload.
4
Click Install.
Manually from the prompt
Using the setup tool
op5 System contains a menu based configuration tool called setup. With this tool you can configure some of the system base settings. Configuration options not supported by the setup tool are covered in the “fdsa” section below.
 
Note:
The following configuration options are covered by the setup tool:
*
*
*
*
*
*
To run the setup tool log on as user root and run the command setup
monitor!root~:# setup
Use the arrow keys to navigate the setup tool. When you are done configuring, check that all settings are correct and exit the program. Don’t forget to save.
Note:
Firewall/SELinux and Authentication settings should be altered with care. Creating a restrictive configuration might cause op5 products to malfunction.
For more information about how to use the seutp tool please take a look at the op5 Quick install guide that can be found on www.op5.com/support.
Editing configuration files
You can also setup an op5 System by using a text editor such as vim or jed.
Note:
Note: this manual does not cover the usage of vim or jed, there are other manuals that does that. Check out the command vimtutor for an intruduction to the vim editor.
The following files needs to be edited if you configure the system by a text editor
To configure keyboard layout:
/etc/sysconfig/keyboard
To set root password run the command passwd.
monitor!root:~# passwd
To configure timezone
/etc/sysconfig/clock
 
The following files are used when changing the network settings:
 
Kernel modules: /etc/modprobe.conf
Editing this file is optional, the default settings are usually sufficient.
This file sets options to modules (drivers) that is loaded into the kernel. You need to edit this file to configure duplex settings for the op5 System network cards or if you want to change or turn bonding support on or off.
Network time server: /etc/ntp.conf
Editing this file is optional but highly recommended by op5.
This file configures which server that the op5 System shall use as Network Time Server. Edit the variable ‘server’ to change the server to synchronize against. It is possible to add several server entries to get time from several NTP servers.
If you are unsure about if you have a NTP server to synchronize against you can always use pool.ntp.org which is a large pool of, free to use, NTP servers on the Internet.
Example:
server ntp.pool.org
When you have edited the file you can issue following commands to force a time syncronization and test your configuration.
service ntpd stop
ntpdate ntp1.sth.netnod.se
service ntpd start
You can replace ntp1.sth.netnod.se in the example above with the ipaddress or hostname of your own NTP server.
Note:
E-mail settings: /etc/postfix/main.cf
Editing this file is mandatory.
This file configures postfix which is the MTA (Mail Transfer Agent) that comes with op5 System. The MTA is used primarily to send out notification and report emails from your op5 products.
To be able to deliver emails the following variables must be edited
myhostname, set itto the FQDN of your op5 System
If you want the MTA to use a relay host (ie forward all emails to a specific mail server) edit following variables.
relay_host, set this to the hostname of your mail server. This variable is optional.
fallback_relay, set this to the hostname of your fallback relay, in case your primary mailserver is down. This variable is optional.
 
Note:
SMS modem: /etc/smsd.conf
Editing this file is optional.
This file configures the smsd program that sends SMS messages. This file is only needed if your system is equipped with a GSM/GPRS modem.
If you don’t want to edit this file make sure to disable the PIN-code control on your SIM card.
If you want to use a PIN code you need to uncomment and edit the variable ‘pin’
Example:
pin=1234
Depending on what sms gateway you have you may need to change the baudrate.
baudrate=38400
The table below describes what baudrate need for each sms gateway.
 
To test your settings you can issue the command ‘sendsms’
monitor!root:~# sendsms
Destination: 46733123456
Text: Testing to send SMS.
If you want to see whats happening you can issue the command ‘tail -f /var/log/smsd.log’ which will show you the conversation between the sms program and the gsm modem.
NRPE: /etc/nrpe.conf
Editing this file is optional, but highly recommended.
NRPE is the UNIX/Linux agent that op5 products use to gather information about the op5 System. To allow an op5 System to communicate with NRPE the ‘allowed_hosts’ variable needs to be edited.
Example:
allowed_hosts=127.0.0.1,192.168.1.10
SSL certificates: /etc/httpd/mksslcrt.sh
This is a script that can be used to generate a self signed SSL certificate for the op5 webbserver. Run the script by issuing the command /etc/httpd/mksslcrt.sh
Note:
If you select to encrypt the CA and SERVER keys on STEP 7 and 8 you will have to enter the pass phrase every time you start apache. op5 recommend you not to encrypt keys.
System backup: /etc/op5-backup/main.conf
op5 recommends that you configure backup for your system.
op5backup is a simple but efficient backup utility for the op5 System. It can backup the configuration of op5 System, op5 Monitor, op5 Statistics and op5 Logserver. If you configure op5backup it is very easy to restore a failed system. Read more on Backing up the System.
Static routes: /etc/sysconfig/network-scripts/route-<ifname>
This is optional.
Persistent routes are configured by creating a file for each interface that you wish to route traffic out from. The file should be named /etc/sysconfig/network-scripts/route-<ifname>
Example: /etc/sysconfig/network-scripts/routes-eth0
The syntax for this file is
<network> via <gateway>
Example:
172.27.76.0/24 via 192.168.1.1
Patch management
The op5 System is RPM based, therefore all patches is distributed as RPM packages. Starting with op5 System version 3.0 the yum update manager is supported and the recommended method to update your system. More information regarding yum is found at:
http://linux.duke.edu/projects/yum
 
YUM update manager
Yum is an automatic updater and package installer/remover for rpm based Linux systems. Yum is the default method used to update a number of major rpm based distributions, including CentOS and Red Hat Enterprise Linux 5. The op5 System is preconfigured to retreive all its updates via op5 repositories. To manage yum you need console access to the system or log on via SSH.
To check if there are any updates availabe for your system execute:
yum check-update
Issuing the command above might give a result looking like this:
Loading "installonlyn" plugin
Setting up repositories
Reading repository metadata in from local files
 
op5-system-upgrade.noarch 3.0.3-op5.1_RHEL5 op5-system-base
plugins.i386 2.2.0-op5.4_RHEL5 op5-system-addon
portal.noarch 1.4.4-op5.1_RHEL5 op5-system-addon
This means that there are three available updates. To download and install the 'plugins.i386' and 'portal.norach' packages issue:
yum update plugins.i386 portal.noarch
Yum have a built-in dependency checker that automatically fetches any other package that the chosen package(s) depend on.
To install all available updates you issue the same command but without specifying any package:
yum update
Note:
The repositories provided by op5 is intended for op5 customers only. You therefor need to have a valid op5 license installed to be able to use yum.
Handling RPM packages manually
RPM is the package management software that op5 System utilizes. A RPM package consists of all files and information necessary to install or upgrade a software.
To install an RPM package use the command ‘rpm –Uvh’
Example:
monitor!root~# rpm -Uvh plugins-2.0.6.op5.4.rpm
Preparing… ################################# [100%]
1:plugins ################################# [100%]
monitor!root~#
Here is a list of useful RPM commands
 
Installs or upgrades a package
removes an installed package
Search for a package where the search string is a part of the package name.
Lists files that the package provides
 
Administrative tasks
start / stop services
To control which programs that shall run on the system when it is started you can use following commands.
chkconfig
service
chkconfig can be used to control which programs that should be started during the boot sequence. It can also show you the current configuration.
A service can start and stop programs during runtime. This is for example useful if you would like to restart op5 Monitor.
 
chkconfig --list
List which programs that shall be started at boot time. This command first list the program name and then seven columns that represents different run-levels. All you have to care about is runlevel 3 which is the default runlevel for op5 System.
 
chkconfig smsd on
chkconfig smsd off
Tells the system to start or stop the smsd program during boot time.
 
service monitor stop
service monitor start
Turns on and off OP5 Monitor during runtime.
Shutdown or restart
To shutdown the system in a proper way you should log onto the system as root user and issue the following command.
shutdown -h now.
 
This means that the system will shutdown all running programs and then halt. After this it is safe to shut down the power to the system.
 
To restart the system issue the command reboot or press Control-Alt-Delete on the console.
Backing up the System
It is important to backup your op5 System to be able to restore configuration and important data in case of a system failure.
There are several ways to backup the system. Since op5 System is based on CentOS 5 most large providers of backup solutions has clients that can be installed on the op5 System.
For those cases where backup possibilities for linux systems does not exist we have created a backup utility called op5backup that can create backups of system configuration data and op5 product configurations and data.
op5backup consists of a backup script and a restore script. The backup script op5-backup can be scheduled to run using cron and it can place the backups in a local or remote mounted directory or transfer the file to another server over FTP.
Note:
op5 backup will not backup logs of op5-logserver, so you better have remote archive setuped for this, or backup them manually.
Configuration
The main configuration file for op5backup is placed in the following file:
/etc/op5-backup/main.conf
Following variables needs to be set
transfer=, set this to ftp or local
if you use local as transfer location the configure this variable
storagepath=, set this to where the backup should be placed
 
If you use ftp as transfer mode then configure following variables
backupserver=, set this to a FQDN or ipaddress to you ftp server
backuppath=, set this to the path where you want your backups. Leave blank if no path is needed.
backupuser=, username for the ftp account
backuppass=, password for the ftp account
If you have added software or data to your op5 System that you want to be included in the backup you should add this to the /etc/op5-backup/modules/custom file.
The backup modules is written in bash uses a set of variables and functions. The table below describes the variables used in a backup module script
 
The files and folders to backup with this module. It can contain both single files, filenames with wildcards like * and whole folders.
Users should not change redefine this variable!
The following table describes the function used in a op5 backup module:
Used to check if it is ok to performe the backup specified in this backup module. If it is ok it should return 0 if not it should return 1.
Here is an exemple of how a backup module could look like:
DESCRIPTION="Custom backup"
FILES_TO_BACKUP="
/opt/custom_app/etc/*.conf
/opt/custom_app/var/
"
function CHECK() {
rpm -q custom_app
return $?
}
function BACKUP_ACTION() {
mysqldump --databases custom_app > $WORKDIR/custom_app.sql
}
function RESTORE_ACTION() {
if [ -f $WORKDIR/custom_app.sql ]; then
mysql monitor_reports < $WORKDIR/custom_app.sql
fi
}
Schedule backups
To setup cron to execute this script you need to edit the following file.
/etc/cron.d/op5backup
For backups every day at 01.59 enter the following:
36 11 * * * root /usr/sbin/op5-backup >/dev/null 2>&1
For more information about the cron file execute the following command:
man 5 crontab
Restore backups
To restore a backup, execute the op5restore.sh script with the
backup-file as argument:
/usr/sbin/op5-restore [-h] -b backup_file [ -f ] [module...]
 
Options:
-h, shows this help
-b, the path to backup file to restore from
-f, restore files only. Do not execute any post-restore actions, such as restoring DB from dump.
Upgrade system via Internet
If your op5 Appliance system has HTTP connection to the Internet you can perform your upgrades directly with the yum command. Yum will get the files and data from the op5 repos.
To upgrade with the op5 repos
1
2
Upgrade system from iso file
If your op5 Appliance system hos no connection to the Internet you can still upgrade the system. All you have to do is to download the latest op5 Appliance system iso file.
To upgrade with the op5 Appliance system iso file
1
2
3
4
5
Mount the CD-Rom
mount -o loop /dev/cdrom /mnt/cdrom
6
Execute the following command line to perform the upgrade
yum --disablerepo=\* --enablerepo=op5-media \
-c /mnt/cdrom/yum-media.conf update
7
Unmount and eject the CD-Rom
umount /mnt/cdrom ; eject
Useful commands
cd change directory
pwd show current directory
ls list directory contents
rm delete file or directory
mv move or rename file or directory
tail show the 10 last rows in a file, useful for viewing logs, tail –f to follow/trace
less show the contents of a file
man manual
vi A text editor
jed another text editor
References
http://www.op5.com/support/
http://www.centos.org/
http://www.rpm.org/
http://www.chiark.greenend.org.uk/~sgtatham/putty/
http://www.ssh.com/
http://winscp.net
http://linux.duke.edu/projects/yum

Feedback on documentation Feedback on documentation