Setting up RRDReST on CentOS 8 or AlmaLinux 9

There are some differences on setting up RRDReST on CentOS 8, Almalinux 9 vs CentOS 7

If you are setting this up to use with LibreNMS and Grafana, check out the rest of the this article. https://www.incredigeek.com/home/setting-up-grafana-on-librenms/

Installing RRDReST

All the docker commands have been swapped out for podman.

  1. Install Docker
  2. Create a compose file
  3. Run compose file to create container

Install docker

Podman is default on CentOS 8 and later and is, for the most part, a drop in replacement for Docker.

sudo yum install -y podman podman-compose
sudo systemctl enable podman

Create a Podman / Docker network to use. We’ll use this to assign a static IP address to the container. We’ll call the network rrdnet, and we’ll use the 10.89.2.0/24 range.

sudo podman network create --subnet=10.89.2.0/24 rrdnet

Create podman-compose file

Create a docker compose file

vi podman-compose.yml

Add the following

version: "3.5"
services:
  rrdrest:
    image: michaelwadman/rrdrest:latest
    container_name: rrdrest
    restart: always
    volumes:
      - "/opt/librenms/rrd:/opt/librenms/rrd:Z"
    environment:
      - TZ=America/Denver
    networks:
      rrdnet:
        ipv4_address: 10.89.2.2
        ipam:
          driver: default
          config:
            - subnet: 10.89.2.0/24
networks:
  rrdnet:
    external: true

Change the TZ to your time zone. If you have issues with the graphs, most likely something is off with the time zone between this container and Grafana/LibreNMS server

Note that the :Z is needed for SELinux to allow RRDReST to access the sub folders. AKA. the rrd files.

The container should have a 10.89.2.2 IP address. You can take all the networking sections out, and the container will receive DHCP. The problem is that the IP can change, breaking our graphs in Grafana.

Run RRDReST Container

Save the file. Then start and setup the container with

sudo podman-compose up -d

You will need your docker container IP address to setup the connection in Grafana. If you used the above docker-compose config, then it should be 10.89.2.2.

sudo docker exec -it rrdrest ip addr | grep eth0

Configure RRDRest to start on system boot with systemd

The “restart: always” option does not appear to work on systems with podman. We can create a systemd service instead.

Use the following command to automatically create a systemd file.

sudo podman generate systemd rrdrest

Copy the contents to a new file in /etc/systemd/system/

/etc/systemd/system/rrdrest.service

If you end up deleting the rrdrest container, you’ll need to update the systemd file again. You may need also need to run “systemctl daemon-reload”

Enable the new service with

systemctl enable rrdrest

Congratulations. RRDReST is now setup and running.

You can verify it’s running by checking with Podman / Docker.

sudo podman ps

You can also ping it

ping 10.89.2.2

Change IP Address for VMware ESXI Host from Command Line

We can use the the built in esxcli command to change the IP address for a server

First we need to get the interface name. We can get the info with the following command.

esxcli network ip interface ipv4 get
Name  IPv4 Address   IPv4 Netmas   IPv4 Broadcast  Address Type  DHCP DNS 
----  ------------  -------------  --------------  ------------  -------- 
vmk0  192.168.0.4   255.255.255.0  192.168.0.0     STATIC           false

The text in bold is our interface name.

Set the interface to pull DHCP

The following command will set the interface to use DHCP. If your interface name is different, then you will want to change that.

esxcli network ip interface ipv4 set -i vmk0 -t dhcp

Set a static IP

We can set a static IP address with the following command. Change the IP and Subnet for the appropriate IP address and Subnet.

esxcli network ip interface ipv4 set -i -I IP -N Subnet vmk0 -t static

Changes take affect immediately so you’ll need to re ssh into the server.

http://virtuallystable.com/2019/08/14/how-to-change-the-ip-address-of-an-esxi-host-via-esx-cli/

Cambium R195W cnPilot Routers Randomly Dropping

The Problem

We have been experiencing a problem with our Cambium routers where they randomly drop and are unresponsive till a reboot. They’ll also stop handing out addresses on the LAN side.

A reboot “fixes” the problem, until it does it again. You can trigger the behavior by running a port scan against the router. Wondering if the CPU/Memory get overloaded?

nmap -T4 -A -v 192.168.11.1

While running a scan on the LAN side, the web interface slows down, but doesn’t seem to take it down as fast as a scan on the WAN side.

goahead.sh is a script that may be maxing out the cpu, but could be completely unrelated.

Resolution

Configuring the “Allowed Remote IP(IP1;IP2;)” to limit WAN access effectively blocks port scans and resolves the issue. Setting is under Administration -> Management -> Web Settings. You can add multiple ranges with

10.0.0.0/8;172.16.0.0/12;192.168.0.0/16
Configure Allowed Remote IP cnPilot R195W

It looks like the public ip ranges are limited to /24’s so if you you have a block of public IP addresses larger than a /24, you’ll need to break it down into 24’s to work properly.

Template for cnMaestro

You can also create a template in the Cambium Cloud so you can apply the change to multiple routers fairly easily.

Go to Configuration -> Templates and add a new template.

WebRemoteLegalIP=10.0.0.0/8;192.168.0.0/16;172.16.0.0/12
WebRemoteLegalIP template for cnMaestro

And then you can go to your device -> Configuration and apply your new config.

Apply Allowed WAN IPs Template

Do note that if you run a scan from an allowed range, it still seems to cause problems. But at least setting the Allowed Remote IPs will keep others from scanning your network and causing problems on your R195’s.

WHM/cPanel – Change Main Server IP

Change IP Address from command line

Open up the following file, change eth0 to your primary ethernet adapter. More info here.

 vi /etc/sysconfig/network-scripts/ifcfg-eth0

and under IPADDR set it to the new IP. Update netmask and gateway if needed.

Save file and restart network

systemctl restart network

Update License

You may need to run the following to update the license on the server.

/usr/local/cpanel/cpkeyclt

Change Server IP in WebHost Manager

Change IP for server in Basic WebHost Manager Setup

Other things to do

You may need to migrate IP’s to the new address.
If you are keeping the old address on the server, then you may need to readd it through the IP Functions.

WHM/cPanel – Works from some networks and not others.

Had a problem with a WHM/cPanel server where it was working fine from a couple different networks, but then would not work on others. The server itself seemed fine and fully operational.

Checked firewall rules on routers, server, checked IP routes, tried disabling cPHulk. Ended up being there were a couple addresses added with the incorrect subnet mask which was keeping it from working. Removed the IP’s with the wrong subnet and it started working on all networks.

[root@host ~]# ifconfig
eth0: flags=4163 mtu 1500
  inet 192.168.1.70 netmask 255.255.255.224 broadcast 192.168.1.95
  inet6 7f80::4588:523f:a697:c311 prefixlen 64 scopeid 0x20
  ether 4b:02:de:0d:cf:1a txqueuelen 1000 (Ethernet)
  RX packets 171071 bytes 83556877 (79.6 MiB)
  RX errors 0 dropped 0 overruns 0 frame 0
  TX packets 163710 bytes 76482245 (72.9 MiB)
  TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0:cp1: flags=4163 mtu 1500
  inet 192.168.1.74 netmask 255.255.255.224 broadcast 192.168.1.95
  ether 4b:02:de:0d:cf:1a txqueuelen 1000 (Ethernet)

eth0:cp6: flags=4163 mtu 1500
  inet 192.168.1.75 netmask 255.255.224.0 broadcast 23.145.159.255
  ether 4b:02:de:0d:cf:1a txqueuelen 1000 (Ethernet)
…

[root@host ~]#

Under eth0:cp6 the IP has a 255.255.224.0 subnet which is incorrect. Should have been a 255.255.255.224 (/27) subnet.

Removed the IP out of WHM and then readded with the correct subnet mask and it now works.

Make sure you add and IP with the correct subnet

Change Static IP on AirFiber over SSH

Log into device

SSH into AirFiber

ssh ubnt@192.168.1.20

Modify config file

Open up the “/tmp/system.cfg” configuration file

vi /tmp/system.cfg

Find the line that has the ip address and modify the address.
Note that you’ll need to hit i to enter text if you are using vi

...
netconf.3.hwaddr.status=disabled
netconf.3.ip=192.168.1.10   <-- Change IP here
netconf.3.mtu=1500 
...

Save file by hitting the esc key then type :x and then hit Enter

Save changes and reboot

Now run the following command to write the changes to the device. Once it comes back up it should have the new IP address from the config file.

cfgmtd -f /tmp/system.cfg -w && reboot

Mikrotik RouterOS – “drop all from WAN not DSTNATed”

The default DSTNATed firewall rule keeps traffic from the WAN accessing LAN side IP addresses.

More info here

Printing the rules on a router with the default config should show the following.

;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-nat-state=!dstnat in-interface=ether1

If you are wanting to add the rule to a router, you can copy and past the following command. Replace in-interface=ether with your in interface.

/ip firewall add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat in-interface=ether1

EdgePoint – set IP configuration to DHCP via command line

Change eth0 to the interface you would like to change.

SSH into EdgePoint and type in configure to get into a configuration prompt

configure

Now set interface eth0 to dhcp

set interfaces ethernet eth0 address dhcp

Delete the static IP address on eth0 if needed

delete interfaces ethernet eth0 address 192.168.1.1/24

Save changes

commit

Setup DHCP server on Linux

Install dhcp server software

sudo apt install isc-dhcp-server

Edit the following config file and set the networking interface it should use. In this case enp60s0

sudo vi /etc/default/isc-dhcp-server

Example line to change

INTERFACESv4="enp60s0"

Now edit the dhcpd.con file

sudo vi /etc/dhcp/dhcpd.conf 

Add the following in. Change the addresses and settings as needed.

subnet 192.168.47.0 netmask 255.255.255.0 {
   range 192.168.47.26 192.168.47.30;
   option domain-name-servers ns1.internal.example.org;
   option domain-name "internal.example.org";
   option subnet-mask 255.255.255.0;
   option routers 192.168.47.1;
   option broadcast-address 192.168.47.255;
   default-lease-time 600;
   max-lease-time 7200;
 }

Set a static ip on the computer that’ll be acting as the dhcp server. You can set it as the gateway if it is the gateway.

Allow dhcp through the firewall

sudo ufw allow  67/udp
sudo ufw reload
Restart the service and connect a client.

sudo systemctl restart isc-dhcp-server

More info.

You can look at dhcp leases with the following command

tail -f /var/lib/dhcp/dhcpd.leases