This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
oldgettingstarted [2019/01/28 10:49] morten remove obsolete page |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Old Getting Started ====== | ||
- | |||
- | :!: This is the old document, that i out of date. Kept so we can import what's useful to the [[gettingstarted|new document]]. | ||
- | |||
- | FIXME This information is outdated | ||
- | <code> | ||
- | |||
- | Getting started with NAV 3.0 | ||
- | ============================ | ||
- | (This guide assumes NAV is installed in /usr/local/nav) | ||
- | |||
- | NAV 3.0 assumes a simpler directory structure than previous NAV | ||
- | versions. Below /usr/local/nav/ you will find the following | ||
- | directories: | ||
- | |||
- | ======= ====================================================================== | ||
- | apache/ Web related content/programs. | ||
- | bin/ Executable programs. | ||
- | doc/ Documentation. | ||
- | etc/ Configuration files. | ||
- | var/ Local data created by NAV programs, such as logs and other data files. | ||
- | ======= ====================================================================== | ||
- | |||
- | In addition to this document, we advise you to take a look at the | ||
- | project reports of NAVMore and tigaNAV, which explains much of the | ||
- | functionality implemented in NAV 3.0. | ||
- | |||
- | |||
- | Creating users and groups | ||
- | ========================= | ||
- | Unless you have installed NAV through some automated system which | ||
- | creates necessary users and groups (such as RPM), you need to create | ||
- | the the group "nav" and user "navcron". The navcron user should have | ||
- | nav as its default group, its home directory set to /usr/local/nav, | ||
- | and should be allowed to execute cron jobs. Other than that, the user | ||
- | needs no special privileges. It is used to run unprivileged NAV | ||
- | processes, and will normally not even login password (i.e. needs no | ||
- | password set). | ||
- | |||
- | |||
- | Initializing the NAV databases | ||
- | ============================== | ||
- | When you have installed NAV 3.0 for the first time, you need to | ||
- | initialize the NAV database. The directory /usr/local/nav/doc/sql/ | ||
- | contains the SQL scripts necessary to initialize the PostgreSQL | ||
- | databases used by NAV, and a README file explaining how. | ||
- | |||
- | Please note that beforehand, you should configure your PostgreSQL to | ||
- | accept tcp/ip connections ($PGDATA/postgresql.conf), set a password | ||
- | for the postgres superuser and configure your pg_hba.conf to only | ||
- | accept md5 authentication (not trust, and not ident). Please refer to | ||
- | the PostgreSQL documentation for this. | ||
- | |||
- | After initializing, you should again connect to PostgreSQL as the | ||
- | postgres superuser, and choose passwords for the two nav users you | ||
- | created (navread and navwrite), using "ALTER USER ... WITH PASSWORD | ||
- | '...'". Then you need to configure NAV to use these passwords when | ||
- | connecting to PostgreSQL. This is done in the config file | ||
- | /usr/local/nav/etc/db.conf, by changing the directives | ||
- | "userpw_navread" and "userpw_navwrite". | ||
- | |||
- | |||
- | Configuring Apache | ||
- | ================== | ||
- | Example Apache configuration has been provided elsewhere. Please | ||
- | don't forget that if you run Apache 1.3, your /etc/init.d/httpd should | ||
- | set (and export) the environment variable PYTHONHOME to contain the | ||
- | path to your non-threaded edition of Python. | ||
- | |||
- | Some tips if you wish to configure Apache from scratch: | ||
- | |||
- | - You need both mod_php4 and mod_python, and we strongly recommend | ||
- | mod_ssl. | ||
- | - Your document root should be /usr/local/nav/apache/webroot/. | ||
- | - .htaccess files below that directory should be allowed to override | ||
- | everything from the Apache configuration. | ||
- | - We strongly recommend that you force all users to access the NAV web | ||
- | interface through https instead of plain http, otherwise everything | ||
- | is sent to and from the web server unencrypted (including | ||
- | passwords). You can accomplish this by using a RewriteRule to have | ||
- | your web server redirect all http requests to https urls. | ||
- | |||
- | |||
- | Configuring Tomcat | ||
- | ================== | ||
- | NAV comes with two Java servlets, Network Explorer and vlanPlot (the | ||
- | interactive traffic map). The Tomcat servlet engine is the | ||
- | recommended container for these servlets. A Python module will | ||
- | forward Apache requests to these to servlets directly to a Tomcat | ||
- | server running on the local host. | ||
- | |||
- | You need to install and configure Tomcat on your NAV host, and make | ||
- | sure the two servlets (.war files) are in its webapps directory. | ||
- | The Python forwarding module will expect to find the Tomcat server | ||
- | listening on port 8080 (which is the Tomcat configuration default). | ||
- | |||
- | Also, these servlets may use large amounts of memory while processing | ||
- | some requests (especially if your port count is high, such as it is at | ||
- | NTNU); therefore it is recommended to increase the amount of memory | ||
- | available to the Java Virtual Machine running the Tomcat server. The | ||
- | Sun JVM usually reserves a maxium of 64MB for a Java program, but this | ||
- | can be changed using the -Xmx<size> option of java. This can be | ||
- | passed through to the JVM when starting Tomcat, e.g.:: | ||
- | |||
- | JAVA_OPTS="-Xmx128M" ./startup.sh | ||
- | |||
- | This should start Tomcat with a maximum heap memory size of 128MB. | ||
- | |||
- | |||
- | |||
- | Integrating Cricket with NAV | ||
- | ============================ | ||
- | This section assumes your cricket installation has been placed in | ||
- | /usr/local/nav/cricket/, with the cricket executables in | ||
- | /usr/local/nav/cricket/cricket/ (approximately as we all know from | ||
- | "Installing Cricket for the Complete Beginner" at | ||
- | http://cricket.sourceforge.net/support/doc/beginner.html, only that | ||
- | the prefix is different). | ||
- | |||
- | More detailed instructions for integrating Cricket with NAV can be | ||
- | found in /usr/local/nav/doc/cricket/README (with example files in the | ||
- | same directory) | ||
- | |||
- | To integrate your Cricket installation's public_html directory with | ||
- | the NAV web interface, to the following as root: | ||
- | |||
- | cd /usr/local/nav/apache/webroot | ||
- | ln -s /usr/local/nav/cricket/public_html cricket | ||
- | echo "SetHandler none" > cricket/.htaccess | ||
- | |||
- | NAV's toolbox comes ready with the "Statistics" tool, which sends you | ||
- | to the /cricket/ url. | ||
- | |||
- | |||
- | Configuring your environment | ||
- | ============================ | ||
- | Most NAV 3.0 programs rely on finding NAV libraries effortlessly. | ||
- | This means that certain environment variables should be set before NAV | ||
- | programs are invoked (this also means they need to be set before | ||
- | Apache starts). More specifically, the variables CLASSPATH, PERL5LIB | ||
- | and PYTHONPATH need to be set. Also, your java executable should be | ||
- | found on your PATH, or at least in $JAVA_HOME/bin . | ||
- | |||
- | A shell script has been provided to set these environment variables | ||
- | correctly, nav_environ.sh. This script needs to be sourced into your | ||
- | environment, preferrably at an early stage of your boot process, | ||
- | and/or at every user login. | ||
- | |||
- | At NTNU, the script is sourced into the enviroment in two places. The | ||
- | script has been placed in /etc/profile.d/. Every script here is | ||
- | sourced into the enviroment when a user logs in to a RedHat 9 system | ||
- | (though it seems root bypasses this). The same script is also sourced | ||
- | directly into the /etc/init.d/httpd script, by adding "source | ||
- | /etc/profile.d/nav_environ.sh" very near the beginning of the script. | ||
- | |||
- | |||
- | Configuring NAV | ||
- | =============== | ||
- | All configuration files are located below /usr/local/nav/etc/. | ||
- | Default configuration files are placed here on your first install. | ||
- | Most of these are self-documenting, so mostly you just need to read | ||
- | through the files to configure NAV to your needs. | ||
- | |||
- | As a minimum the following should be configured: | ||
- | |||
- | :: | ||
- | |||
- | In db.conf set: | ||
- | |||
- | userpw_navread= | ||
- | userpw_navwrite= | ||
- | |||
- | In nav.conf set: | ||
- | | ||
- | ADMIN_MAIL= | ||
- | DOMAIN_SUFFIX = .<your domain> | ||
- | |||
- | |||
- | |||
- | Starting daemons and cron jobs | ||
- | ============================== | ||
- | Starting and stopping NAV daemons and cron jobs is pretty much the | ||
- | same as in NAV v2. Running "/usr/local/nav/bin/nav start" should | ||
- | pretty much start everything. | ||
- | |||
- | |||
- | Logging in to the web interface | ||
- | =============================== | ||
- | When you first direct your browser to the NAV page served by your | ||
- | Apache, you are unauthenticated and will have the access privileges of | ||
- | an anonymous user. | ||
- | |||
- | You may log in to the web interface as the user "admin", using "admin" | ||
- | as your password. It is of course extremely recommended that you | ||
- | immediately change this password to something harder to guess. | ||
- | |||
- | The user "admin" is a member of the group "NAV Administrators", and | ||
- | will therefore have access to absolutely everything in the web | ||
- | interface. | ||
- | |||
- | |||
- | Managing accounts, groups and privileges in the web interface | ||
- | ============================================================= | ||
- | All this is accomplished through the Useradmin panel, which should be | ||
- | linked from the navigation bar of the admin user. The Useradmin panel | ||
- | is still somewhat lacking in good looks and usability, but it works. | ||
- | |||
- | |||
- | Seeding your database | ||
- | ===================== | ||
- | Seeding the database is no longer a process of maintaining text files | ||
- | containg information on your network equipment. All seeding of the | ||
- | database is now done through the web interface, using the editdb tool, | ||
- | which operates directly on the contents of the NAVdb. Open the web | ||
- | interface toolbox and select editdb. | ||
- | |||
- | Fortunately for you, editdb has the ability to bulk import data from | ||
- | text files that are mostly the same format as the old seed text files | ||
- | of NAV v2. | ||
- | |||
- | Tips for bulk importing: | ||
- | |||
- | - Due to dependencies within the database, it is recommended that you | ||
- | bulk import the seed files in the following order: Locations, Rooms, | ||
- | Vendors, Types, Organizations, User categories, Boxes, Services. | ||
- | The format of each bulk import type is documented in the bulk import | ||
- | forms of editdb. | ||
- | |||
- | - When bulk importing boxes, it is a good idea to split the seed files | ||
- | into smaller pieces. Bulk importing triggers a burst of SNMP | ||
- | queries, and if you are importing a large amount of boxes, your web | ||
- | browser may time out waiting for the web server's reply. | ||
- | |||
- | - Some vendors and types are already defined in the initial | ||
- | database. Before importing these, you can check which ones exist by | ||
- | looking at /editdb/vendor/list and /editdb/type/list | ||
- | |||
- | - If you are trying to import a nested organizational structure, it | ||
- | may be neccesary to import the organization file several times. | ||
- | |||
- | - Note that NAVv3 supports only these categories: | ||
- | GSW,GW,SW,EDGE,WLAN,SRV,OTHER. Equipment of all categories, except | ||
- | SRV and OTHER, is required to respond to SNMP queries, or it will | ||
- | not be allowed into the database. | ||
- | |||
- | - Subcategories can be defined for all main categories. | ||
- | </code> | ||
- | |||
- | |||
- | |||