Striker: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{header}} | {{header}} | ||
{{warning|1=This | {{warning|1=This is an in-progress document. Do not expect anything here to be accurate or correct. This warning will be removed when the guide is completed. You can track the progress on [https://github.com/digimer/striker Striker's Github] page.}} | ||
''Striker'' is the [[Anvil!]] web-based dashboard. | |||
It's goal is to reduce the potential for human errors causing availability interruptions by simplifying the interface as much as possible. With it, you can build, maintain and replace other dashboards and ''Anvil!'' nodes, as well as build ''Anvil!' systems from scratch. | |||
= | ''Striker'' dashboards also act as a ''[[ScanCore]]'' database. Two or more ''Striker'' dashboards will work together to make the ''ScanCore'' data resilient by handling replication of the data and n-way resync automatically to update new or rebooted dashboards. | ||
= Building an Anvil = | |||
With version 2, perhaps the biggest new feature is the nearly completely automated building of new ''Anvil!'' systems. | |||
== Overview == | |||
This starts by download the ''Striker'' ISO generator, running it against either a [[RHEL]] or [[CentOS]] 6 ISO and it spits out an ''Anvil!'' build ISO. You can then burn this to a DVD or write it to a USB drive (using another small tool). | |||
You boot the first ''Striker'' dashboard off of the ISO use it build up the dashboard machine. | |||
Once done, you can get rid of the ISO if you'd like. All further installs will happen over the network! | |||
The ''Striker'' UI acts as an "Install Target". When you enable it, you can then boot other dashboards or nodes, choose to boot of the network and they will boot and install from Striker, just the same as if you had booted up from the ISO, just a lot more conveniently. | |||
== Staged Installs == | |||
Building dashboards and nodes is a 2-stage process. | |||
The first stage is like installing firmware on a router; It gets the base OS install and initial configuration, but it is a generic system at that point. | |||
The second stage is where you configure the system for your environment. | |||
The "Install Target" function handles the stage-1 install for both dashboards and nodes. The stage-2 is handled differently for dashboards and nodes, which we'll cover in a bit. | |||
== Install Striker == | == Install Striker == | ||
Revision as of 19:37, 21 May 2016
|
AN!Wiki :: Striker |
 |
Warning: This is an in-progress document. Do not expect anything here to be accurate or correct. This warning will be removed when the guide is completed. You can track the progress on Striker's Github page. |
Striker is the Anvil! web-based dashboard.
It's goal is to reduce the potential for human errors causing availability interruptions by simplifying the interface as much as possible. With it, you can build, maintain and replace other dashboards and Anvil! nodes, as well as build Anvil!' systems from scratch.
Striker dashboards also act as a ScanCore database. Two or more Striker dashboards will work together to make the ScanCore data resilient by handling replication of the data and n-way resync automatically to update new or rebooted dashboards.
Building an Anvil
With version 2, perhaps the biggest new feature is the nearly completely automated building of new Anvil! systems.
Overview
This starts by download the Striker ISO generator, running it against either a RHEL or CentOS 6 ISO and it spits out an Anvil! build ISO. You can then burn this to a DVD or write it to a USB drive (using another small tool).
You boot the first Striker dashboard off of the ISO use it build up the dashboard machine.
Once done, you can get rid of the ISO if you'd like. All further installs will happen over the network!
The Striker UI acts as an "Install Target". When you enable it, you can then boot other dashboards or nodes, choose to boot of the network and they will boot and install from Striker, just the same as if you had booted up from the ISO, just a lot more conveniently.
Staged Installs
Building dashboards and nodes is a 2-stage process.
The first stage is like installing firmware on a router; It gets the base OS install and initial configuration, but it is a generic system at that point.
The second stage is where you configure the system for your environment.
The "Install Target" function handles the stage-1 install for both dashboards and nodes. The stage-2 is handled differently for dashboards and nodes, which we'll cover in a bit.
Install Striker
Requirements
- A machine with two wired network interfaces, one to the BCN and one to the IFN.
- RHEL, CentOS or similar version 6.x (6.5 or higher recommended).
- Minimal install is sufficient, provided you install perl.
- The installer will install everything else it needs.
yum install perl
<yum output>
This install document will be using a fresh, minimal install of CentOS 6.5.
Getting the Install Script
The Striker installer needs to be downloaded. To account for minimal installs where wget is not available, we'll use curl instead which is always available.
curl https://raw.githubusercontent.com/digimer/striker/master/tools/striker-installer > striker-installer
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 96104 100 96104 0 0 148k 0 --:--:-- --:--:-- --:--:-- 318k
chmod 755 striker-installer
ls -lah ./striker-installer
-rwxr-xr-x. 1 root root 94K Sep 1 17:55 ./striker-installer
Using the Install Script
The install script works by taking command line switches. You can get a better explanation of the switches by running ./striker-installer -h .
The Striker installer configures the system as well as load the striker software. So we're going to tell it what host name, IP addresses and credentials to use.
In this tutorial, I am building a new Striker dashboard machine I will call an-m03.alteeve.ca. I will be setting the following values:
| Parameter | Switch | Value | Description | ||
|---|---|---|---|---|---|
| Back-Channel Network | -b | 10.20.4.3/16 | Sets the BCN IP address and subnet mask. | ||
| Internet-Facing Network | -i | 10.255.4.3/16,dg=10.255.255.254,dns1=8.8.8.8,dns2=8.8.4.4 | Sets the IFN IP address, subnet mask, default gateway and DNS servers. | ||
| Host name | -n | an-m03.alteeve.ca | Sets the host name of the Striker dashboard machine. | ||
| Dashboard Owner | -c | Alteeve's Niche! | This sets the name used on the password prompt when connecting to the dashboard. It reflects the owner/manager of the dashboard and is usually a company or organization name. | ||
| Email server user and password | -e | digimer@example.com:super secret password | This is the email account user name and password that will be used later when sending alert emails from nodes. | ||
| Mail server details | -m | mail.example.com:587 | This is the mail server address and port that will be used later when sending alert emails from nodes. It is against this server that the user name and password defined in -e will be used. | ||
| Striker user and password | -u | admin:another secret password | This sets the user name and password that users will use when connecting to the dashboard.
|
 |
Note: If you have already configured the network, please skip the -b and -i switches. If you have already configured the host name, please skip the -n switch. |
|
Note: This is a standard bash call, so please be sure to quote anything with spaces and to escape special characters like !. |
Knowing this, the installer command will be:
./striker-installer \
-b 10.20.4.3/16 \
-i 10.255.4.3/16,dg=10.255.255.254,dns1=8.8.8.8,dns2=8.8.4.4 \
-n an-m03.alteeve.ca \
-c "Alteeve's Niche\!" \
-e "digimer@example.com:super secret password" \
-m mail.example.com:587 \
-u "admin:another secret password"
Running the installer
We're specifying -b and -i, so the installer won't be totally autonomous. It will pause to prompt us to unplug the network cable going to the physical interface that we want to make the Back-Channel Network and the Internet-Facing Network links. Once the mapping of the interfaces is confirmed, the installer will finish running without further input.
./striker-installer \
-b 10.20.4.3/16 \
-i 10.255.4.3/16,dg=10.255.255.254,dns1=8.8.8.8,dns2=8.8.4.4 \
-n an-m03.alteeve.ca \
-c "Alteeve's Niche\!" \
-e "digimer@example.com:super secret password" \
-m mail.example.com:587 \
-u "admin:another secret password"
##############################################################################
# ___ _ _ _ The Anvil! Dashboard #
# / __| |_ _ _(_) |_____ _ _ -=] Installer #
# \__ \ _| '_| | / / -_) '_| #
# |___/\__|_| |_|_\_\___|_| #
# https://alteeve.ca/w/Striker #
##############################################################################
[ Note ] - No specific version requested, will install: [1.1.5]
Sanity checks complete.
Checking the operating system to ensure it is compatible.
- We're on a RHEL (based) OS, good. Checking version.
- Looks good! You're on: [6.5]
Done.
Backing up some network related system files.
- The backup directory: [/root/anvil] doesn't exist, creting it.
- Backup directory successfully created.
- Backing up: [/etc/udev/rules.d/70-persistent-net.rules]
- It exists, backing it up.
- Copying: [/etc/udev/rules.d/70-persistent-net.rules] to: [/root/anvil/]
- Backing up: [/etc/sysconfig/network-scripts]
- Copying: [/etc/sysconfig/network-scripts] to: [/root/anvil/]
Done.
Making sure all network interfaces are up.
- The network interface: [eth1] is down. It must be started for the next stage.
- Checking if: [/etc/sysconfig/network-scripts/ifcfg-eth1] exists.
- Config file exists, changing BOOTPROTO to 'none'.
- Attempting to bring up: [eth1]...
- Checking to see if it is up now.
- The interface: [eth1] is now up!
Done.
-=] Configuring network to enable access to Anvil! systems.
Beginning NIC identification...
- Please unplug the interface you want to make:
- [Back-Channel Network, Link 1]
|
Note: If you are running the installer over the network, you will not see any output when you unplug the active cable. That is ok, just wait a second and then plug it back in. |
Unplug the network cable going to the physical interface that you want to use to connect to the BCN.
- NIC with MAC: [02:0c:9d:02:a0:9e] will become: [bcn-link1]
- (it is currently: [eth1])
- Please plug in all network cables to proceed.
Now plug it back in again.
- Please unplug the interface you want to make:
- [Internet-Facing Network, Link 1]
As before, unplug the cable going to the interface you want to use to connect to the IFN.
- NIC with MAC: [10:bf:48:24:69:2e] will become: [ifn-link1]
- (it is currently: [eth0])
- Please plug in all network cables to proceed.
Plug it back in again.
|
Note: The network configuration will be updated, but the in-use configuration will not change until the Striker machine is rebooted. |
If you are happy with how the network will be reconfigured, press <enter>. If you want to try again, simply type n and then press <enter>.
Here is what you selected:
- Interface: [02:0C:9D:02:A0:9E], currently named: [eth1],
- will be renamed to: [bcn-link1]
- Interface: [10:BF:48:24:69:2E], currently named: [eth0],
- will be renamed to: [ifn-link1]
The Back-Channel Network interface will be set to:
- IP: [10.20.4.3]
- Netmask: [255.255.0.0]
The Internet-Facing Network interface will be set to:
- IP: [10.255.4.3]
- Netmask: [255.255.0.0]
- Gateway: [10.255.255.254]
- DNS1: [8.8.8.8]
- DNS2: [8.8.4.4]
Shall I proceed? [Y/n]
Looks good, so we will proceed.
This is a good time to go make a coffee, it might take a little while to finish, particularly if this is a fresh minimal install. The installer will run OS updates as well as install all needed packages.
|
Note: During the install of packages, it might appear that the installer has hung. Please be patient! Buffering causes output to not be shown for a while. It is extremely unlikely that the installer has hung, and waiting is usually all that is needed. |
- Thank you, I will start to work now.
Writing the new udev rules file: [/etc/udev/rules.d/70-persistent-net.rules]
Done.
Deleting old network configuration files:
- Deleting file: [/etc/sysconfig/network-scripts/ifcfg-eth1]
- Deleting file: [/etc/sysconfig/network-scripts/ifcfg-wlan0]
- Deleting file: [/etc/sysconfig/network-scripts/ifcfg-eth0]
Done.
Writing new network configuration files.
- IFN Link 1: [/etc/sysconfig/network-scripts/ifcfg-ifn-link1]
- BCN Link 1: [/etc/sysconfig/network-scripts/ifcfg-bcn-link1]
Done.
Configuring this system's host name.
- Reading in the existing hostname file.
- Writing out the new version.
Done.
-=] Beginning configuration and installation processes now. [=-
Checking if anything needs to be installed.
- The AN!Repo hasn't been added yet, adding it now.
- Added. Clearing yum's cache.
- output: [Loaded plugins: fastestmirror]
- output: [Cleaning repos: an-repo base extras updates]
- output: [Cleaning up Everything]
- Done!
The OS will update at this point. If there are a lot of updates needed, this could take a while.
==============================================================================
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: less.cogeco.net
* extras: less.cogeco.net
* updates: centos.bhs.mirrors.ovh.net
Setting up Update Process
Resolving Dependencies
--> Running transaction check
<snip>
Complete!
==============================================================================
Done.
Getting a list of currently installed packages.
- ............................................................................
- .............................................................................
- ...............................................................
Done!
Checking to see if any packages need to be installed.
- Package: [acpid] needs to be installed.
- Package: [ccs] needs to be installed.
- Package: [cyrus-sasl] already installed.
- Package: [cyrus-sasl-plain] needs to be installed.
- Package: [expect] needs to be installed.
- Package: [fence-agents] needs to be installed.
- Package: [guacd] needs to be installed.
- Package: [httpd] needs to be installed.
- Package: [libcdio] needs to be installed.
- Package: [libguac-client-rdp] needs to be installed.
- Package: [libguac-client-ssh] needs to be installed.
- Package: [libguac-client-vnc] needs to be installed.
- Package: [man] needs to be installed.
- Package: [mlocate] needs to be installed.
- Package: [mod_ssl] needs to be installed.
- Package: [ntp] needs to be installed.
- Package: [openssl-devel] needs to be installed.
- Package: [perl-CGI] needs to be installed.
- Package: [perl-CPAN] needs to be installed.
- Package: [perl-Net-SSH2] needs to be installed.
- Package: [perl-Net-SSLeay] needs to be installed.
- Package: [perl-TermReadKey] needs to be installed.
- Package: [perl-Test-Simple] needs to be installed.
- Package: [perl-YAML-Tiny] needs to be installed.
- Package: [policycoreutils-python] needs to be installed.
- Package: [postfix] already installed.
- Package: [rsync] needs to be installed.
- Package: [screen] needs to be installed.
- Package: [syslinux] needs to be installed.
- Package: [tomcat6] needs to be installed.
- Package: [vim-common] needs to be installed.
- Package: [wget] needs to be installed.
- Done
As with the operating system updates above, if many packages need to be installed, this could take a while.
Installing missing packages now. Please be patient.
==============================================================================
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: less.cogeco.net
* extras: less.cogeco.net
* updates: centos.bhs.mirrors.ovh.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
<snip>
Complete!
==============================================================================
Done.
Getting a list of currently installed packages.
- ............................................................................
- .............................................................................
- .............................................................................
- .............................................................................
- .............................................................................
- .................
Done!
Verifying that everything is installed now.
- Package: [acpid] installed.
- Package: [ccs] installed.
- Package: [cyrus-sasl] installed.
- Package: [cyrus-sasl-plain] installed.
- Package: [expect] installed.
- Package: [fence-agents] installed.
- Package: [guacd] installed.
- Package: [httpd] installed.
- Package: [libcdio] installed.
- Package: [libguac-client-rdp] installed.
- Package: [libguac-client-ssh] installed.
- Package: [libguac-client-vnc] installed.
- Package: [man] installed.
- Package: [mlocate] installed.
- Package: [mod_ssl] installed.
- Package: [ntp] installed.
- Package: [openssl-devel] installed.
- Package: [perl-CGI] installed.
- Package: [perl-CPAN] installed.
- Package: [perl-Net-SSH2] installed.
- Package: [perl-Net-SSLeay] installed.
- Package: [perl-TermReadKey] installed.
- Package: [perl-Test-Simple] installed.
- Package: [perl-YAML-Tiny] installed.
- Package: [policycoreutils-python] installed.
- Package: [postfix] installed.
- Package: [rsync] installed.
- Package: [screen] installed.
- Package: [syslinux] installed.
- Package: [tomcat6] installed.
- Package: [vim-common] installed.
- Package: [wget] installed.
- All required packages are now installed.
If everything installed properly, the latest version of Striker will be downloaded (if needed) and installed.
Downloading Striker, if needed.
- Downloading version: [1.1.5] from: [https://github.com/digimer/an-cdb/archive/1.1.5.tar.gz]
==============================================================================
--2014-09-01 19:36:27-- https://github.com/digimer/an-cdb/archive/1.1.5.tar.gz
Resolving github.com... 192.30.252.131
Connecting to github.com|192.30.252.131|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/digimer/an-cdb/tar.gz/1.1.5 [following]
--2014-09-01 19:36:27-- https://codeload.github.com/digimer/an-cdb/tar.gz/1.1.5
Resolving codeload.github.com... 192.30.252.147
Connecting to codeload.github.com|192.30.252.147|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/x-gzip]
Saving to: `1.1.5.tar.gz'
[ <=> ] 1,437,924 1.24M/s in 1.1s
2014-09-01 19:36:29 (1.24 MB/s) - `1.1.5.tar.gz' saved [1437924]
==============================================================================
- Download complete.
- Extracting: [1.1.5.tar.gz]
- Output: [an-cdb-1.1.5/]
- Output: [an-cdb-1.1.5/CHANGELOG]
- Output: [an-cdb-1.1.5/README.md]
- Output: [an-cdb-1.1.5/an-cluster_setup.pl]
- Output: [an-cdb-1.1.5/an.conf]
- Output: [an-cdb-1.1.5/anvil_setup]
- Output: [an-cdb-1.1.5/cgi-bin/]
- Output: [an-cdb-1.1.5/cgi-bin/an-cdb]
- Output: [an-cdb-1.1.5/cgi-bin/an-cdb.lib]
- Output: [an-cdb-1.1.5/cgi-bin/an-cluster.lib]
- Output: [an-cdb-1.1.5/cgi-bin/an-mc]
- Output: [an-cdb-1.1.5/cgi-bin/an-mc.lib]
- Output: [an-cdb-1.1.5/cgi-bin/common.lib]
- Output: [an-cdb-1.1.5/cgi-bin/common.xml]
- Output: [an-cdb-1.1.5/cgi-bin/strings.xml]
- Output: [an-cdb-1.1.5/guacamole/]
- Output: [an-cdb-1.1.5/guacamole/README]
- Output: [an-cdb-1.1.5/guacamole/guacamole-0.9.2.war]
- Output: [an-cdb-1.1.5/guacamole/guacamole-auth-noauth-0.9.2.jar]
- Output: [an-cdb-1.1.5/guacamole/guacamole.properties]
- Output: [an-cdb-1.1.5/guacamole/noauth-config.xml]
- Output: [an-cdb-1.1.5/html/]
- Output: [an-cdb-1.1.5/html/an-cdb.css]
- Output: [an-cdb-1.1.5/html/an-cdb.js]
- Output: [an-cdb-1.1.5/html/favicon.ico]
- Output: [an-cdb-1.1.5/html/index.html]
- Output: [an-cdb-1.1.5/html/jquery-latest.js]
- Output: [an-cdb-1.1.5/html/skins/]
- Output: [an-cdb-1.1.5/html/skins/alteeve/]
- Output: [an-cdb-1.1.5/html/skins/alteeve/common.css]
- Output: [an-cdb-1.1.5/html/skins/alteeve/common.html]
- Output: [an-cdb-1.1.5/html/skins/alteeve/common.js]
- Output: [an-cdb-1.1.5/html/skins/alteeve/config.html]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/anvil-url_16x16.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/back.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/gather_info.gif]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/hard-drive-with-led_128x128.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/hard-drive_128x128.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/icon_clear-fields_16x16.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/icon_server-desktop_n01.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/icon_server-desktop_n02.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/icon_server-desktop_offline.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/icon_server-desktop_oops.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/logo_striker_01.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/raid_battery_128x128.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/raid_controller_128x128.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/raid_logical-disk_128x128.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/refresh.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/images/t.png]
- Output: [an-cdb-1.1.5/html/skins/alteeve/jquery-latest.js]
- Output: [an-cdb-1.1.5/html/skins/alteeve/lsi-storage.html]
- Output: [an-cdb-1.1.5/html/skins/alteeve/main-page.html]
- Output: [an-cdb-1.1.5/html/skins/alteeve/media-library.html]
- Output: [an-cdb-1.1.5/html/skins/alteeve/select-anvil.html]
- Output: [an-cdb-1.1.5/html/skins/alteeve/server.html]
- Output: [an-cdb-1.1.5/striker-installer]
- Output: [an-cdb-1.1.5/tools/]
- Output: [an-cdb-1.1.5/tools/99-an-usb.rules]
- Output: [an-cdb-1.1.5/tools/an-cluster_setup.pl]
- Output: [an-cdb-1.1.5/tools/an-cm]
- Output: [an-cdb-1.1.5/tools/an-cm.lib]
- Output: [an-cdb-1.1.5/tools/an-usb-insert]
- Output: [an-cdb-1.1.5/tools/an-usb-remove]
- Output: [an-cdb-1.1.5/tools/an-usb.conf]
- Output: [an-cdb-1.1.5/tools/an-usb.lib]
- Output: [an-cdb-1.1.5/tools/archive_an-cm.log.sh]
- Output: [an-cdb-1.1.5/tools/archive_megasas.log.sh]
- Output: [an-cdb-1.1.5/tools/backup_node_config.sh]
- Output: [an-cdb-1.1.5/tools/bond_watch]
- Output: [an-cdb-1.1.5/tools/call_gather-system-info]
- Output: [an-cdb-1.1.5/tools/call_gather-system-info.c]
- Output: [an-cdb-1.1.5/tools/check_dvd]
- Output: [an-cdb-1.1.5/tools/check_dvd.c]
- Output: [an-cdb-1.1.5/tools/do_dd]
- Output: [an-cdb-1.1.5/tools/do_dd.c]
- Output: [an-cdb-1.1.5/tools/gather-system-info]
- Output: [an-cdb-1.1.5/tools/generate_tz_list]
- Output: [an-cdb-1.1.5/tools/oui_parser]
- Output: [an-cdb-1.1.5/tools/restart_guacd]
- Output: [an-cdb-1.1.5/tools/restart_guacd.c]
- Output: [an-cdb-1.1.5/tools/restart_tomcat6]
- Output: [an-cdb-1.1.5/tools/restart_tomcat6.c]
- Output: [an-cdb-1.1.5/tools/safe_anvil_start]
- Output: [an-cdb-1.1.5/version]
- Will use the source directory: [./an-cdb-1.1.5]
Done.
Configuring Apache.
- Backing up original files.
- Copying: [/etc/httpd] to: [/root/anvil/]
- Reading in the existing system user file.
- Writing out the new version.
- Creating the apache home directories.
- Creating: [/var/www/home].
- Creating: [/var/www/home/archive].
- Creating: [/var/www/home/cache].
- Creating: [/var/www/home/media].
- Creating: [/var/www/home/status].
- Setting ownership to: [apache:apache].
- Setting mode to: [0775].
- Setting up Striker's authentication via Apache's htpasswd...
- Generating: [admin]'s: [/var/www/home/htpasswd] password file.
Adding password for user admin
- Reading in the existing config file and adjusting as needed.
- Writing out the new version.
Done.
Configuring Tomcat.
- Backing up: [/etc/tomcat6/server.xml].
- Copying: [/etc/tomcat6/server.xml] to: [/root/anvil/]
- Reading in the existing tomcat server configuration server.
- Writing out the new version.
Done.
Configuring guacamole
- Creating the Guacamole configuration directory.
- Creating the Guacamole Tomcat directory.
- Creating the Guacamole library directory.
- Creating the Guacamole classpath directory.
- Copying the 'auth-noauth' module into place.
- Copying: [./an-cdb-1.1.5/guacamole/guacamole-auth-noauth-0.9.2.jar]
to: [/var/lib/guacamole/classpath/]
- Copying the 'auth-noauth' module into place.
- Copying: [./an-cdb-1.1.5/guacamole/noauth-config.xml]
to: [/etc/guacamole/]
- Copying: [./an-cdb-1.1.5/guacamole/guacamole-0.9.2.war]
to: [/var/lib/guacamole]
- Creating guacamole web archive symlink.
- Symlink created successfully.
- Copying: [./an-cdb-1.1.5/guacamole/guacamole.properties]
to: [/etc/guacamole/]
- Creating guacamole properties symlink.
- Symlink created successfully.
Done.
The next step creates SSH keys for the apache user. If you are installing Striker on a light-weight computer/appliance, the time needed to collect entropy could be lengthy.
Configuring SSH daemon to allow faster logins.
- Backing up: [/etc/ssh/sshd_config].
- Copying: [/etc/ssh/sshd_config] to: [/root/anvil/]
- Reading in the existing ssh daemon configuration file.
- Writing out the new version.
- Generating: [apache]'s RSA keys.
[ Note ] - Please be patient! It might take time to collect entropy.
- Output: [Generating public/private rsa key pair.]
- Output: [Created directory '/var/www/home/.ssh'.]
- Output: [Your identification has been saved in /var/www/home/.ssh/id_rsa.]
- Output: [Your public key has been saved in /var/www/home/.ssh/id_rsa.pub.]
- Output: [The key fingerprint is:]
- Output: [17:f2:f3:bf:da:c9:a7:60:75:7b:2f:79:27:65:30:0e apache@an-m03.alteeve.ca]
- Output: [The key's randomart image is:]
- Output: [+--[ RSA 8191]----+]
- Output: [| |]
- Output: [| |]
- Output: [| . . |]
- Output: [| o .E o |]
- Output: [| S + o.o.|]
- Output: [| . o ...+|]
- Output: [| + =.|]
- Output: [| . =+.*|]
- Output: [| ..BBo|]
- Output: [+-----------------+]
Done.
Configuring the firewall to allow normal and secure web access.
- Backing up: [/etc/sysconfig/iptables].
- Copying: [/etc/sysconfig/iptables] to: [/root/anvil/]
- Reading the current firewall configuration.
- Opening access for standard web access.
- Opening access for secure web access.
- Saving the new iptables configuration.
Done.
Copying Striker program files into place.
- Backing up: [/var/www].
- Copying: [/var/www] to: [/root/anvil/]
- Copying HTML files and skins.
- Copying executable files and languages.
- Copying tools.
- Creating the Striker configuration directory.
- Copying base Striker configuration file.
- Copying: [./an-cdb-1.1.5/an.conf]
to: [/etc/an]
- Updating mail server values in Striker's configuration file.
- Writing out the new version.
Done.
- Creating empty Striker log file.
Done.
Setting ownership and permissions/modes on Striker files.
- On: [/var/www],
Setting ownership and mode to: [apache:apache] and: [g+w], respectively.
- On: [/etc/guacamole/noauth-config.xml],
Setting ownership and mode to: [root:apache] and: [0664], respectively.
- On: [/etc/hosts],
Setting ownership and mode to: [root:apache] and: [g+w], respectively.
- On: [/etc/ssh/ssh_config],
Setting ownership and mode to: [root:apache] and: [g+w], respectively.
- On: [/etc/an/an.conf],
Setting ownership and mode to: [apache:apache] and: [0660], respectively.
- On: [/etc/an],
Setting ownership and mode to: [apache:apache] and: [g+w], respectively.
- On: [/var/log/an-cdb.log],
Setting ownership and mode to: [apache:apache] and: [g+w], respectively.
- On: [/var/www/tools/call_gather-system-info],
Setting ownership and mode to: [root:root] and: [6755], respectively.
- On: [/var/www/tools/check_dvd],
Setting ownership and mode to: [root:root] and: [6755], respectively.
- On: [/var/www/tools/do_dd],
Setting ownership and mode to: [root:root] and: [6755], respectively.
- On: [/var/www/tools/restart_guacd],
Setting ownership and mode to: [root:root] and: [6755], respectively.
- On: [/var/www/tools/restart_tomcat6],
Setting ownership and mode to: [root:root] and: [6755], respectively.
Done.
All of the services that are set to be stopped will be told to stop. If those services are not installed, they will print a harmless error.
Similarly, all services set to be enabled will be restarted. If they were not running yet, then you will see a harmless [FAILED] message on the stop portion of the restart.
Configuring daemons to start/stop on boot and start/stop daemons.
- Disabling: [ip6tables] on boot and stopping it.
- Output: [ip6tables: Setting chains to policy ACCEPT: filt[ OK ]]
- Output: [ip6tables: Flushing firewall rules: [ OK ]]
- Output: [ip6tables: Unloading modules: [ OK ]]
- Enabling: [iptables] on boot and (re)starting it.
- Output: [iptables: Setting chains to policy ACCEPT: filte[ OK ]]
- Output: [iptables: Flushing firewall rules: [ OK ]]
- Output: [iptables: Unloading modules: [ OK ]]
- Output: [iptables: Applying firewall rules: [ OK ]]
- Enabling: [httpd] on boot and (re)starting it.
- Output: [Stopping httpd: [FAILED]]
httpd: apr_sockaddr_info_get() failed for an-m03.alteeve.ca
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
- Output: [Starting httpd: [ OK ]]
- Enabling: [haldaemon] on boot and (re)starting it.
- Output: [Stopping HAL daemon: [FAILED]]
- Output: [Starting HAL daemon: [FAILED]]
- Enabling: [acpid] on boot and (re)starting it.
- Output: [Stopping acpi daemon: [FAILED]]
- Output: [Starting acpi daemon: [ OK ]]
- Enabling: [tomcat6] on boot and (re)starting it.
- Output: [Stopping tomcat6: [ OK ]]
- Output: [Starting tomcat6: [ OK ]]
- Enabling: [guacd] on boot and (re)starting it.
- Output: [Stopping guacd: [FAILED]]
guacd[11178]: INFO: Guacamole proxy daemon (guacd) version 0.9.2
guacd[11178]: INFO: Successfully bound socket to host ::1, port 4822
guacd[11178]: INFO: Exiting and passing control to PID 11179
guacd[11179]: INFO: Exiting and passing control to PID 11180
- Output: [Starting guacd: [ OK ]]
- Enabling: [ntpd] on boot and (re)starting it.
- Output: [Shutting down ntpd: [FAILED]]
- Output: [Starting ntpd: [ OK ]]
Done.
Making sure that selinux is permissive.
- Backing up: [/etc/selinux/config].
- Copying: [/etc/selinux/config] to: [/root/anvil/]
- Reading in the existing selinux config file.
- Setting selinux to 'permissive'.
- Writing out the new version.
Done.
Setting root user's password.
- Output: [Changing password for user root.]
- Output: [passwd: all authentication tokens updated successfully.]
Done!
##############################################################################
# NOTE: Your 'root' user password is now the same as the Striker user's #
# password you just specified. If you want a different password, #
# change it now with 'passwd'! #
##############################################################################
[ Warning ] - You may need to reboot the network if the network interfances
[ Warning ] - were renamed. Simply restarting the network will likely not
[ Warning ] - work.
Installation of Striker is complete!
As you see in the final note, the root user's password was changed. If you want the dashboard's root password to differ from the main striker password, be sure to call passwd to change it.
In this install, a new kernel was installed during the OS update process and the network interfaces were renamed. So we need to restart the dashboard.
reboot
Broadcast message from root@an-m03.alteeve.ca
(/dev/pts/0) at 19:55 ...
The system is going down for reboot NOW!
[root@localhost ~]# Connection to 10.255.1.10 closed by remote host.
Connection to 10.255.1.10 closed.
When the dashboard server boots back up, you will be able to connect to it using your favourite web browser.
Configuring a New Striker Dashboard
|
Note: I prefer to use host names instead of IP addresses. As such, I have added the hostname an-m03 to my /etc/hosts file, which I will use for the rest of this tutorial. You are free to use the raw IP address if you wish. |
|
Note: There is no default password. If you forget your password, you will need to re-run the install script with the -u "user:password" switch to reset it. |
When you first connect to the new dashboard, you will be prompted for a user name and password. Use the values you set with the -u switch during the install. Once logged in, you will be told that no Anvil! systems have been defined.
 |
 |
The first thing to do is the click on Manage and make sure the global variables are set the way you like. These control how mail is delivered and will be used for all Anvil! systems you define, unless you provide an override for a given Anvil!.
 |
 |
 |
Now that the global variables are set, let's add our first Anvil! system!
 |
 |
 |
 |
 |
 |
|
Note: To delete an Anvil! from your dashboard, open it as if you were going to edit it and click on the small red "x" icon, which will clear the form. Save the now-empty form and that Anvil! will be removed. |
Now when you go back to the main page, you will see the newly added Anvil! in the list where the "New" massage was. Click on the name of your newly added Anvil! and, assuming everything was entered correctly, you will be able to manage it right away!
 |
If you only have one Anvil! defined, future connections to the dashboard will immediately select it. If you want to get back to the configuration menu, simply click on the title logo.
Powering on an Anvil!
This section will show how to power up an Anvil! from a completely powered off state.
In order to power on an Anvil!, two things must be true;
- Your Striker dashboard must be on the Anvil!'s Back-Channel Network.
- The dashboard must have logged into the Anvil! at least once before so that the fence methods and credentials are in cache.
Monitor
The monitor application is based around a "Striker API". The monitor itself acts as a daemon that calls scanner agents it finds inn the cgi-bin/scan.d directory.
| Any questions, feedback, advice, complaints or meanderings are welcome. | |||
| Alteeve's Niche! | Enterprise Support: Alteeve Support |
Community Support | |
| © Alteeve's Niche! Inc. 1997-2024 | Anvil! "Intelligent Availability®" Platform | ||
| legal stuff: All info is provided "As-Is". Do not use anything here unless you are willing and able to take responsibility for your own actions. | |||