Friday, September 12, 2014

vyos [ vyatta ]


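The long-awaited community edition of Vyatta has finally appeared.
 [vyatta community edition next ... Vyos ?? ]
Ever since Brocade acquired Vyatta,
there has been no open source version of Vyatta available to update or use.
Fortunately, I saw a notice on the wiki: the birth of VyOS!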


about  vyatta

http://en.wikipedia.org/wiki/Vyatta

Vyatta Core
The free community Vyatta Core software (VC) is an
open source network operating system
providing advanced IPv4 and IPv6 routing, stateful firewalling,
secure communication through both an IPSec based VPN
as well as through the SSL based OpenVPN.[5]

In October 2013 an independent group started a fork of Vyatta Core under VyOS name.[6]


http://vyos.net/wiki/User_Guide


Introduction

VyOS is a Linux-based network operating system that provides software-based
network routing, firewall, and VPN functionality.
The VyOS project was started in late 2013 as a community fork of the GPL
portions of Vyatta Core 6.6R1 with the goal of maintaining a free and open source
network operating system in response to the decision to discontinue the community
edition of Vyatta.
VyOS is primarily based on Debian GNU/Linux and the Quagga routing engine. Its
configuration syntax and command-line interface are loosely derived from Juniper
JUNOS as modeled by the XORP project (which was the original routing engine Vyatta
was based upon). Vyatta changed to the Quagga routing engine for release 4.0.



http://vyos.net/wiki/Migrating_from_Vyatta


Migrating from Vyatta LAB 


vyatta@vyatta:~$ show system image 
The system currently has the following image(s) installed:

   1: VC6.6R1 (default boot)

vyatta@vyatta:~$ show ver 
Version:      VC6.6R1
Description:  Vyatta Core 6.6 R1
Copyright:    2006-2013 Vyatta, Inc.
Built by:     autobuild@vyatta.com
Built on:     Tue Apr 30 21:18:42 UTC 2013
Build ID:     1304302121-de93a07
System type:  Intel 32bit
Boot via:     image
Hypervisor:   VMware
HW model:     VMware Virtual Platform
HW S/N:       VMware-56 4d 0a 12 df 64 2e 88-1c 4c 89 e2 cb 05 78 f4
HW UUID:      564D0A12-DF64-2E88-1C4C-89E2CB0578F4
Uptime:       11:56:19 up 12 min,  2 users,  load average: 0.24, 0.14, 0.08

vyatta@vyatta:~$ show configuration commands
set interfaces ethernet eth0 address '192.168.100.99/24'
set interfaces ethernet eth0 hw-id '00:0c:29:05:78:f4'
set interfaces ethernet eth1 hw-id '00:0c:29:05:78:fe'
set interfaces ethernet eth2 hw-id '00:0c:29:05:78:08'
set interfaces loopback 'lo'
set service ssh port '22'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system login user vyatta authentication encrypted-password '$1$EtTv8/b4$0wgW4lkykvMSOoXN/8gKH.'
set system login user vyatta level 'admin'
set system ntp server '0.vyatta.pool.ntp.org'
set system ntp server '1.vyatta.pool.ntp.org'
set system ntp server '2.vyatta.pool.ntp.org'
set system package repository community components 'main'
set system package repository community distribution 'stable'
set system package repository community url 'http://packages.vyatta.com/vyatta'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'

vyatta@vyatta:~$ add system image http://192.168.100.200/vyos-1.0.4-i586.iso
Trying to fetch ISO file from http://192.168.100.200/vyos-1.0.4-i586.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  213M  100  213M    0     0  5383k      0  0:00:40  0:00:40 --:--:-- 5583k
ISO download succeeded.
Checking for digital signature file...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (22) The requested URL returned error: 404
Unable to fetch digital signature file.
Do you want to continue without signature check? (yes/no) [yes]
Checking MD5 checksums of files on the ISO image...OK.
Done!
What would you like to name this image? [1.0.4]:
OK.  This image will be named: 1.0.4
Installing "1.0.4" image.
Copying new release files...
Would you like to save the current configuration
directory and config file? (Yes/No) [Yes]:
Copying current configuration...
Would you like to save the SSH host keys from your
current configuration? (Yes/No) [Yes]:
Copying SSH keys...
Setting up grub configuration...
Done.
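
In the session above the installer continued after the signature file returned 404, and the MD5 step only checks files against checksums stored on the ISO itself, so nothing ties the image to its publisher. The following is an added example, not part of the original post or of VyOS: shell functions for the staging web server that publish an ISO only when it matches a SHA-256 digest obtained over a trusted channel. The function names, paths and digest are assumptions.

```shell
#!/bin/sh
# Added example: gate an ISO on a pinned SHA-256 before it is served to
# `add system image`. Paths and digests passed in are the caller's own;
# nothing here is taken from the VyOS project.

# verify_iso ISO EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on unusable input (fail closed).
verify_iso() {
    iso=$1
    # Normalise the pinned digest to lower case for comparison.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$iso" ] || { echo "missing file: $iso" >&2; return 2; }
    # Reject truncated or mistyped digests instead of comparing them.
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "malformed digest" >&2; return 2; }

    actual=$(sha256sum "$iso" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $iso" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# stage_iso ISO EXPECTED_SHA256 WEBROOT
# Copies the ISO into WEBROOT only after verification. The copy goes to a
# temporary name first, so a partial file is never served under the real name.
stage_iso() {
    verify_iso "$1" "$2" || return $?
    dest=$3/$(basename "$1")
    cp "$1" "$dest.part" && mv "$dest.part" "$dest"
}

# Usage (placeholder values):
#   stage_iso ./vyos-1.0.4-i586.iso <sha256-from-trusted-channel> /var/www/html
```

With the image verified before it is staged, answering the "continue without signature check?" prompt no longer decides whether an unverified image gets installed.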


vyatta@vyatta:~$ reboot
Proceed with reboot? (Yes/No) [No] yes

Broadcast message from root@vyatta (pts/0) (Sat Sep 13 11:59:42 2014):

The system is going down for reboot NOW!
vyatta@vyatta:~$

Verification screen after logging in via SSH


But there is still no web UI


Screen from a fresh installation



Screen after logging in via SSH

Welcome to VyOS
Linux vyatta 3.3.8-1-586-vyatta #1 SMP Sun Nov 17 02:19:52 CET 2013 i686
Welcome to VyOS.
This system is open-source software. The exact distribution terms for
each module comprising the full system are described in the individual
files in /usr/share/doc/*/copyright.
Last login: Sat Sep 13 12:39:45 2014 from 192.168.100.200
vyos@vyos:~$ show system image 
The system currently has the following image(s) installed:

   1: 1.0.4 (default boot)

vyos@vyos:~$ show ver 
Version:      VyOS 1.0.4
Description:  VyOS 1.0.4 (hydrogen)
Copyright:    2014 SO3 Group
Built by:     maintainers@vyos.net
Built on:     Mon Jun 16 16:01:30 UTC 2014
Build ID:     1406161601-32e5690
System type:  x86 32-bit
Boot via:     image
Hypervisor:   VMware
HW model:     VMware Virtual Platform
HW S/N:       VMware-56 4d 0a 12 df 64 2e 88-1c 4c 89 e2 cb 05 78 f4
HW UUID:      564D0A12-DF64-2E88-1C4C-89E2CB0578F4
Uptime:       12:40:30 up 3 min,  2 users,  load average: 0.15, 0.18, 0.08

vyos@vyos:~$ show configuration commands 
set interfaces ethernet eth0 address '192.168.100.99/24'
set interfaces ethernet eth0 hw-id '00:0c:29:05:78:f4'
set interfaces ethernet eth1 hw-id '00:0c:29:05:78:fe'
set interfaces ethernet eth2 hw-id '00:0c:29:05:78:08'
set interfaces loopback 'lo'
set service ssh port '22'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system login user vyos authentication encrypted-password '$1$PytHQR0S$s8xrM13kk/YVbW0KR6s4n/'
set system login user vyos level 'admin'
set system ntp server '0.pool.ntp.org'
set system ntp server '1.pool.ntp.org'
set system ntp server '2.pool.ntp.org'
set system package repository community components 'main'
set system package repository community distribution 'hydrogen'
set system package repository community url 'http://packages.vyos.net/vyos'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
vyos@vyos:~$


Monday, September 8, 2014

Logstash Shipper and Indexer


http://logstash.net/docs/1.2.2/tutorials/getting-started-centralized-overview-diagram.png

logstash shipper configuration  

[root@CentOS6 init.d]# pwd
/etc/init.d
[root@CentOS6 init.d]# cat logstash-agent
#!/bin/bash
# From The Logstash Book
# The original of this file can be found at: http://logstashbook.com/code/index.html
#
#
# Logstash Start/Stop logstash
#
# chkconfig: 345 99 99
# description: Logstash
# processname: logstash

name="logstash-agent"
logstash_bin="/opt/logstash/bin/logstash"
logstash_conf="/etc/logstash/shipper.conf"
logstash_log="/var/log/logstash/shipper.log"

find_logstash_process () {
    PIDTEMP=`ps ux | grep logstash | grep java | awk '{ print $2 }'`
    # Pid not found
    if [ "x$PIDTEMP" = "x" ]; then
        PID=-1
    else
        PID=$PIDTEMP
    fi
}

start () {
    LOG_DIR=`dirname ${logstash_log}`
    if [ ! -d $LOG_DIR ]; then
      echo "Log dir ${LOG_DIR} doesn't exist. Creating"
      mkdir $LOG_DIR
    fi
    nohup ${logstash_bin} agent --verbose -f ${logstash_conf} --log ${logstash_log} > /dev/null 2>&1 &
}

stop () {
    find_logstash_process
    if [ $PID -ne -1 ]; then
        kill $PID
    fi
}

case $1 in
start)
        start
        ;;
stop)
        stop
        exit 0
        ;;
reload)
        stop
        sleep 2
        start
        ;;
restart)
        stop
        sleep 2
        start
        ;;
status)
        find_logstash_process
        if [ $PID -gt 0 ]; then
          echo "logstash running: $PID"
          exit 0
        else
          echo "logstash not running"
          exit 1
        fi
        ;;
*)
        echo $"Usage: $0 {start|stop|restart|reload|status}"
        RETVAL=1
        ;;
esac
# Propagate the usage error instead of always reporting success
exit ${RETVAL:-0}
[root@CentOS6 init.d]# cat /etc/logstash/shipper.conf 
input {
  file {
    type => "syslog"
    path => ["/syslog/apache/mod_jk*.log","/syslog/tomcat/*.log"]
    tags => "tomcat"
  }
}


output {
  redis {
    host => "192.168.1.145"
    data_type => "list"
    key => "logstash"
  }
}
[root@CentOS6 init.d]#

Logstash Indexer configuration 


[root@Test-Logstash conf.d]# pwd
/etc/logstash/conf.d
[root@Test--Logstash conf.d]# cat syslog.conf 
input {
  tcp {
    type => "syslog"
    port => 514
  }
  udp {
    type => "syslog"
    port => 514
  }
  redis {
    host => "127.0.0.1"
    type => "redis-input"
    data_type => "list"
    key => "logstash"
    # codec => "json"
  }
}


filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
  if [type] == "apache" {
    grok {
      # See the following URL for a complete list of named patterns
      # logstash/grok ships with by default:
      # https://github.com/logstash/logstash/tree/master/patterns
      #
      # The grok filter will use the below pattern and on successful match use
      # any captured values as new fields in the event.
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    date {
      # Try to pull the timestamp from the 'timestamp' field (parsed above with
      # grok). The apache time format looks like: "18/Aug/2011:05:44:34 -0700"
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }
}


output {
  elasticsearch {
    embedded => true
  }
}

[root@Test-Logstash conf.d]#