Friday, June 21, 2024

How to Use OTP to Log In to Windows (VyOS + freeradius + Google Authenticator + pGina)

Installation and configuration reference URL:

https://hackmd.io/@farmer87/enable_2fa

My earlier notes on this topic:

https://xrcd2.blogspot.com/2015/03/vyos-openvpn-plugin-otp-sop.html

https://xrcd2.blogspot.com/2016/01/cisco-radius-otp.html

https://xrcd2.blogspot.com/2016/09/vyosopenvpnmfa.html

Software sources:

https://vyos.io

http://pgina.org

Key manual changes:

==> SourceList

deb http://ftp.tw.debian.org/debian bookworm main non-free-firmware

==> freeradius.service

In /lib/systemd/system/freeradius.service, change the identity the service runs as => root


DEMO









Saturday, June 8, 2024

Trial Installation of Zabbix 7.0 LTS

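Prepare a LAPP (Linux Apache PostgreSQL PHP) or LAMP (Linux Apache MySQL PHP) runtime environment.

My installation order was Linux, Apache, MySQL (MariaDB), PHP, because I had already tested LibreNMS in this Oracle 9 environment.

So this time I only needed to add PostgreSQL. Before installing, I looked at the release notes and learned that it supports TimescaleDB 2.13 and PostgreSQL 16.

Previously I installed things haphazardly, which left Zabbix unable to install. GG

So I installed the PostgreSQL 16 + TimescaleDB 2.13 combination first.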


https://www.zabbix.com/release_notes


==> Updated max supported TimescaleDB version to 2.13 Server

==> Increased PostgreSQL maximum supported version to 16


For PostgreSQL 16, see the following URL:

https://www.postgresql.org/download/


Because I use Oracle Linux, I followed this one:

https://www.postgresql.org/download/linux/redhat/

Just follow the official site's procedure to install...

# Install the repository RPM:

sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm


# Disable the built-in PostgreSQL module:

sudo dnf -qy module disable postgresql


# Install PostgreSQL:

sudo dnf install -y postgresql16-server


# Optionally initialize the database and enable automatic start:


sudo /usr/pgsql-16/bin/postgresql-16-setup initdb

sudo systemctl enable postgresql-16

sudo systemctl start postgresql-16


After PostgreSQL is installed, the important configuration and program files are located in these two places:


[root@Oracle9 pgsql-16]# pwd

/usr/pgsql-16

[root@Oracle9 16]# pwd

/var/lib/pgsql/16


To make later operation and use more convenient:

vi /etc/profile

Add the following settings at the very bottom:

PATH=$PATH:/usr/pgsql-16/bin/

export PATH

PGDATA=/var/lib/pgsql/16/data

export PGDATA

Also make the necessary PostgreSQL service settings:

vi /var/lib/pgsql/16/data/pg_hba.conf 

vi /var/lib/pgsql/16/data/postgresql.conf 

===============================================

For TimescaleDB, see the following URL:

https://packagecloud.io/timescale/timescaledb/install

Because I wanted to download and install a specific version, I chose to download and install it manually.

For TimescaleDB 2.13, see the following URL:

https://packagecloud.io/timescale/timescaledb

Download:

wget --content-disposition "https://packagecloud.io/timescale/timescaledb/packages/el/9/timescaledb-2-loader-postgresql-16-2.13.0-0.el9.x86_64.rpm/download.rpm?distro_version_id=240"

wget --content-disposition "https://packagecloud.io/timescale/timescaledb/packages/el/9/timescaledb-2-postgresql-16-2.13.0-0.el9.x86_64.rpm/download.rpm?distro_version_id=240"

wget --content-disposition "https://packagecloud.io/timescale/timescaledb/packages/el/9/timescaledb-tools-0.15.0-0.el9.x86_64.rpm/download.rpm?distro_version_id=240"

Manually install timescaledb-2-postgresql-16-2.13:

[root@Oracle9 tmp]# cd timescaledb-2-pg16/

[root@Oracle9 timescaledb-2-pg16]# ll

total 3032

-rw-r--r-- 1 root root   28055 Nov 29  2023 timescaledb-2-loader-postgresql-16-2.13.0-0.el9.x86_64.rpm

-rw-r--r-- 1 root root  684479 Nov 29  2023 timescaledb-2-postgresql-16-2.13.0-0.el9.x86_64.rpm

-rw-r--r-- 1 root root 2386633 Nov  6  2023 timescaledb-tools-0.15.0-0.el9.x86_64.rpm

[root@Oracle9 timescaledb-2-pg16]# rpm -ivh timescaledb-tools-0.15.0-0.el9.x86_64.rpm 

Verifying...                          ################################# [100%]

Preparing...                          ################################# [100%]

Updating / installing...

   1:timescaledb-tools-0.15.0-0.el9   ################################# [100%]


[root@Oracle9 timescaledb-2-pg16]# rpm -ivh timescaledb-2-loader-postgresql-16-2.13.0-0.el9.x86_64.rpm 

Verifying...                          ################################# [100%]

Preparing...                          ################################# [100%]

Updating / installing...

   1:timescaledb-2-loader-postgresql-1################################# [100%]

Using pg_config located at /usr/pgsql-16/bin/pg_config to finish installation...


[root@Oracle9 timescaledb-2-pg16]# rpm -ivh timescaledb-2-postgresql-16-2.13.0-0.el9.x86_64.rpm 

Verifying...                          ################################# [100%]

Preparing...                          ################################# [100%]

Updating / installing...

   1:timescaledb-2-postgresql-16-2.13.################################# [100%]

Using pg_config located at /usr/pgsql-16/bin/pg_config to finish installation...


TimescaleDB has been installed. You need to update your postgresql.conf file

to load the library by adding 'timescaledb' to your shared_preload_libraries.

The easiest way to do this (and more configuration) is to use timescaledb-tune:

timescaledb-tune --pg-config=/usr/pgsql-16/bin/pg_config


Run timescaledb-tune as instructed:


[root@Oracle9 timescaledb-2-pg16]# timescaledb-tune --pg-config=/usr/pgsql-16/bin/pg_config

Using postgresql.conf at this path:

/var/lib/pgsql/16/data/postgresql.conf


Is this correct? [(y)es/(n)o]: y

Writing backup to:

/tmp/timescaledb_tune.backup202406091011


shared_preload_libraries needs to be updated

Current:

#shared_preload_libraries = ''

Recommended:

shared_preload_libraries = 'timescaledb'

Is this okay? [(y)es/(n)o]: y

success: shared_preload_libraries will be updated


Tune memory/parallelism/WAL and other settings? [(y)es/(n)o]: y

Recommendations based on 7.31 GB of available memory and 4 CPUs for PostgreSQL 16


Memory settings recommendations

Current:

shared_buffers = 128MB

#effective_cache_size = 4GB

#maintenance_work_mem = 64MB

#work_mem = 4MB

Recommended:

shared_buffers = 1871MB

effective_cache_size = 5614MB

maintenance_work_mem = 958185kB

work_mem = 4790kB

Is this okay? [(y)es/(s)kip/(q)uit]: y

success: memory settings will be updated


Parallelism settings recommendations

Current:

missing: timescaledb.max_background_workers

#max_worker_processes = 8

#max_parallel_workers_per_gather = 2

#max_parallel_workers = 8

Recommended:

timescaledb.max_background_workers = 16

max_worker_processes = 23

max_parallel_workers_per_gather = 2

max_parallel_workers = 4

Is this okay? [(y)es/(s)kip/(q)uit]: y

success: parallelism settings will be updated


WAL settings recommendations

Current:

#wal_buffers = -1

min_wal_size = 80MB

Recommended:

wal_buffers = 16MB

min_wal_size = 512MB

Is this okay? [(y)es/(s)kip/(q)uit]: y

success: WAL settings will be updated


Background writer settings recommendations

Current:

Recommended:

Is this okay? [(y)es/(s)kip/(q)uit]: y

success: background writer settings will be updated


Miscellaneous settings recommendations

Current:

#default_statistics_target = 100

#random_page_cost = 4.0

#checkpoint_completion_target = 0.9

#max_locks_per_transaction = 64

#autovacuum_max_workers = 3

#autovacuum_naptime = 1min

#effective_io_concurrency = 1

Recommended:

default_statistics_target = 100

random_page_cost = 1.1

checkpoint_completion_target = 0.9

max_locks_per_transaction = 64

autovacuum_max_workers = 10

autovacuum_naptime = 10

effective_io_concurrency = 256

Is this okay? [(y)es/(s)kip/(q)uit]: y

success: miscellaneous settings will be updated

Saving changes to: /var/lib/pgsql/16/data/postgresql.conf

[root@Oracle9 timescaledb-2-pg16]# 

====>   systemctl restart postgresql-16

At this point the prerequisites for installing Zabbix should be more or less complete.

==============================================

For Zabbix installation and configuration, see the following URL:

https://www.zabbix.com/download

I followed this page:

https://www.zabbix.com/download?zabbix=7.0&os_distribution=oracle_linux&os_version=9&components=server_frontend_agent&db=pgsql&ws=apache

Just follow the official site's procedure to install; roughly as follows...

PS: I use Oracle Linux 9, so there are a few small changes...

A

# echo "excludepkgs=zabbix*" >> /etc/yum.repos.d/oracle-epel-ol9.repo 

# rpm -Uvh https://repo.zabbix.com/zabbix/7.0/oracle/9/x86_64/zabbix-release-7.0-2.el9.noarch.rpm

# dnf clean all

B

# dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent

C

# sudo -u postgres createuser --pwprompt zabbix

# sudo -u postgres createdb -O zabbix zabbix

# zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix

D

vi /etc/zabbix/zabbix_server.conf

....

DBHost=127.0.0.1

DBName=zabbix

DBSchema=public

DBUser=zabbix

DBPassword=zabbix

.....

E

# systemctl restart zabbix-server zabbix-agent httpd php-fpm

# systemctl enable zabbix-server zabbix-agent httpd php-fpm
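
Step D stores the database password in plaintext, and in this walkthrough it is the same string as the database user and database name. The script below is an added example, not part of the original post or of Zabbix, that audits such a file; the function names, the 16-character minimum and the sample file are assumptions made for illustration.

```shell
# Added example: audit the DB credentials in a zabbix_server.conf-style file.
# MIN_LEN and the three checks are assumptions chosen for this illustration.
MIN_LEN=16

# Constructed sample that reproduces the settings shown in step D.
write_sample_conf() {
  cat > "$1" <<'EOF'
DBHost=127.0.0.1
DBName=zabbix
DBSchema=public
DBUser=zabbix
DBPassword=zabbix
EOF
}

# conf_value FILE KEY: print the last uncommented value assigned to KEY.
conf_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_zabbix_conf FILE: print one finding per line; no output means no finding.
audit_zabbix_conf() {
  f=$1
  user=$(conf_value "$f" DBUser)
  name=$(conf_value "$f" DBName)
  pass=$(conf_value "$f" DBPassword)
  if [ -z "$pass" ]; then
    echo "DBPassword is empty or unset"
  elif [ "$pass" = "$user" ] || [ "$pass" = "$name" ]; then
    echo "DBPassword is identical to DBUser or DBName"
  fi
  if [ "${#pass}" -lt "$MIN_LEN" ]; then
    echo "DBPassword is shorter than $MIN_LEN characters"
  fi
  # The file holds a plaintext secret, so it should not be readable by "other".
  if [ -n "$(find "$f" -perm -004)" ]; then
    echo "$f is world-readable"
  fi
  return 0
}

# Stand-alone demo on the constructed sample (mode 644 to trigger every check).
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
chmod 644 "$demo_conf"
audit_zabbix_conf "$demo_conf"
rm -f "$demo_conf"
```

On a real host, point `audit_zabbix_conf` at /etc/zabbix/zabbix_server.conf after choosing the password at the `createuser --pwprompt` step.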

=====================================================

[root@Oracle9 data]# netstat -antlp | grep "LISTEN" 

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      792/sshd: /usr/sbin 

tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           

tcp        0      0 0.0.0.0:37989           0.0.0.0:*               LISTEN      -                   

tcp        0      0 127.0.0.1:44321         0.0.0.0:*               LISTEN      1071/pmcd           

tcp        0      0 0.0.0.0:38035           0.0.0.0:*               LISTEN      841/rpc.statd       

tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      9173/zabbix_agentd  

tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN      9175/zabbix_server  

tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -                   

tcp        0      0 127.0.0.1:4330          0.0.0.0:*               LISTEN      2544/pmlogger       

tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      837/snmpd           

tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      7767/postgres       

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      939/mariadbd        

tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      3338/sshd: XXXX 

tcp        0      0 0.0.0.0:20048           0.0.0.0:*               LISTEN      869/rpc.mountd      

tcp6       0      0 :::22                   :::*                    LISTEN      792/sshd: /usr/sbin 

tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           

tcp6       0      0 :::80                   :::*                    LISTEN      9923/httpd          

tcp6       0      0 ::1:44321               :::*                    LISTEN      1071/pmcd           

tcp6       0      0 :::41563                :::*                    LISTEN      -                   

tcp6       0      0 :::10050                :::*                    LISTEN      9173/zabbix_agentd  

tcp6       0      0 :::10051                :::*                    LISTEN      9175/zabbix_server  

tcp6       0      0 :::2049                 :::*                    LISTEN      -                   

tcp6       0      0 ::1:5432                :::*                    LISTEN      7767/postgres       

tcp6       0      0 ::1:6010                :::*                    LISTEN      3338/sshd: XRCD2 

tcp6       0      0 ::1:4330                :::*                    LISTEN      2544/pmlogger       

tcp6       0      0 :::3306                 :::*                    LISTEN      939/mariadbd        

tcp6       0      0 :::20048                :::*                    LISTEN      869/rpc.mountd      

tcp6       0      0 :::36655                :::*                    LISTEN      841/rpc.statd       

[root@Oracle9 data]# 
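
The listener table above can be checked mechanically for services bound to every interface rather than to loopback. This is an added example, not part of the original post; the sample input is a constructed subset of the output above, and the function names and the port allowlist are assumptions.

```shell
# Added example: list listeners bound to all interfaces in `netstat -antlp` output.

# Constructed sample: a subset of the listener lines shown above.
sample_netstat() {
  cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      792/sshd: /usr/sbin
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      9173/zabbix_agentd
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN      9175/zabbix_server
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      7767/postgres
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      939/mariadbd
tcp6       0      0 :::80                   :::*                    LISTEN      9923/httpd
tcp6       0      0 ::1:5432                :::*                    LISTEN      7767/postgres
tcp6       0      0 :::3306                 :::*                    LISTEN      939/mariadbd
EOF
}

# exposed_listeners: read netstat output on stdin and print "PORT PROCESS" once
# for every socket listening on a wildcard address (0.0.0.0 or ::).
exposed_listeners() {
  awk '$6 == "LISTEN" {
    n = split($4, part, ":")              # the port is the last ":"-separated field
    port = part[n]
    host = substr($4, 1, length($4) - length(port) - 1)
    if (host != "0.0.0.0" && host != "::") next   # loopback or specific address
    proc = $7
    sub(/^[0-9]+\//, "", proc)            # drop the "PID/" prefix
    sub(/:$/, "", proc)                   # "sshd:" -> "sshd"
    if (proc == "-") proc = "kernel/unknown"
    key = port " " proc
    if (!(key in seen)) { seen[key] = 1; print key }
  }' | sort -n
}

# unexpected_listeners "PORT PORT ...": exposed listeners whose port is not in
# the allowlist given as the first argument.
unexpected_listeners() {
  allowed=" $1 "
  exposed_listeners | while read -r port proc; do
    case "$allowed" in
      *" $port "*) ;;
      *) echo "$port $proc" ;;
    esac
  done
}

# Assumed allowlist for this host: SSH, the web frontend, Zabbix agent and server.
sample_netstat | unexpected_listeners "22 80 10050 10051"
```

With that allowlist the sample reports ports 2049 and 3306 as reachable on all interfaces, while PostgreSQL on 5432 is not reported because it listens on loopback only.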

=================================================================

Adding TimescaleDB to Zabbix

https://www.zabbix.com/documentation/current/en/manual/appendix/install/timescaledb

Just follow the official site's procedure to install; roughly as follows...

[root@Oracle9 yum.repos.d]# echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -u postgres psql zabbix

WARNING:  

WELCOME TO

 _____ _                               _     ____________  

|_   _(_)                             | |    |  _  \ ___ \ 

  | |  _ _ __ ___   ___  ___  ___ __ _| | ___| | | | |_/ / 

  | | | |  _ ` _ \ / _ \/ __|/ __/ _` | |/ _ \ | | | ___ \ 

  | | | | | | | | |  __/\__ \ (_| (_| | |  __/ |/ /| |_/ /

  |_| |_|_| |_| |_|\___||___/\___\__,_|_|\___|___/ \____/

               Running version 2.13.0

For more information on TimescaleDB, please visit the following links:


 1. Getting started: https://docs.timescale.com/timescaledb/latest/getting-started

 2. API reference documentation: https://docs.timescale.com/api/latest


Note: TimescaleDB collects anonymous reports to better understand and assist our users.

For more information and how to disable, please see our docs https://docs.timescale.com/timescaledb/latest/how-to-guides/configuration/telemetry.


CREATE EXTENSION

[root@Oracle9 yum.repos.d]# 


[root@Oracle9 timescaledb]# cat /usr/share/zabbix-sql-scripts/postgresql/timescaledb/schema.sql | sudo -u zabbix psql zabbix

NOTICE:  function base36_decode(pg_catalog.varchar) does not exist, skipping

DROP FUNCTION

CREATE FUNCTION

NOTICE:  function cuid_timestamp(pg_catalog.varchar) does not exist, skipping

DROP FUNCTION

CREATE FUNCTION

NOTICE:  PostgreSQL version 16.3 is valid

NOTICE:  TimescaleDB extension is detected

NOTICE:  TimescaleDB version 2.13.0 is valid

WARNING:  column type "character varying" used for "source" does not follow best practices

HINT:  Use datatype TEXT instead.

WARNING:  column type "character varying" used for "value" does not follow best practices

HINT:  Use datatype TEXT instead.

WARNING:  column type "character varying" used for "auditid" does not follow best practices

HINT:  Use datatype TEXT instead.

WARNING:  column type "character varying" used for "username" does not follow best practices

HINT:  Use datatype TEXT instead.

WARNING:  column type "character varying" used for "ip" does not follow best practices

HINT:  Use datatype TEXT instead.

WARNING:  column type "character varying" used for "resource_cuid" does not follow best practices

HINT:  Use datatype TEXT instead.

WARNING:  column type "character varying" used for "resourcename" does not follow best practices

HINT:  Use datatype TEXT instead.

WARNING:  column type "character varying" used for "recordsetid" does not follow best practices

HINT:  Use datatype TEXT instead.

NOTICE:  TimescaleDB is configured successfully

DO

[root@Oracle9 timescaledb]#

======================================================

Check the result:

[root@Oracle9 timescaledb]# su - postgres

[postgres@Oracle9 ~]$ psql

psql (16.3)

Type "help" for help.


postgres=# \l

                                                       List of databases

   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | ICU Locale | ICU Rules |   Access privileges   

-----------+----------+----------+-----------------+-------------+-------------+------------+-----------+-----------------------

 postgres  | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | 

 template0 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | =c/postgres          +

           |          |          |                 |             |             |            |           | postgres=CTc/postgres

 template1 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | =c/postgres          +

           |          |          |                 |             |             |            |           | postgres=CTc/postgres

 zabbix    | zabbix   | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | 

(4 rows)


postgres=# \dn+

                                       List of schemas

  Name  |       Owner       |           Access privileges            |      Description       

--------+-------------------+----------------------------------------+------------------------

 public | pg_database_owner | pg_database_owner=UC/pg_database_owner+| standard public schema

        |                   | =U/pg_database_owner                   | 

(1 row)



postgres=# exit

[postgres@Oracle9 ~]$ exit

logout

[root@Oracle9 data]# 


DEMO





Stress-testing tool:

https://pypi.org/project/cpu-load-generator/


LineNotify Alert DEMO