Config Backup plugin help

Addons for Cacti and discussion about those addons

Moderators: Moderators, Developers

Author
Message
DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Config Backup plugin help

#1 Post by DarkLogix » Fri Apr 20, 2018 11:01 am

So I'm trying to load this
https://docs.cacti.net/plugin:routerconfigs

But I've hit an issue and question (could be a 2nd issue)

1. it says to run "chkconfig xinetd on" but that gives the error "error reading information on service xinetd: No such file or directory"
And yes I've already installed TFTP via "yum install tftp-server)

I also tried the newer "systemctl start xinetd" and would have then run "systemctl enable xinetd"

2. (ATM it's more of a question but might be an issue later.) What should the permissions and context be for the router config backup location? The page only said "and give the apache server and the tftp server permissions to access it."

For the moment I've set it to 777 and usr_t with updates to the fcontext db, but I want to be sure I have it right.
IMO it'd be awesome if the plugin was made into an RPM, and then hosted in a repo.

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

#2 Post by netniV » Fri Apr 20, 2018 1:19 pm

The Cacti Group doesn't handle any of the repo packages. Those are handled by people who normally maintain packages for the various distributions.

On the RouterConfigs front, if you are using the latest development version from GitHub, it now uses two directories. The first is the location of the TFTP server's folder where files are uploaded. RouterConfigs needs read/write access to that folder normally when it is running as the poller.

The second location is defaulted to 'backups' beneath the plugin folder and again, that should be read/write to the poller user. It should also be read/write to the website user as you may want to be able to delete/compare the configurations.

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

#3 Post by DarkLogix » Fri Apr 20, 2018 3:21 pm

For read/write to the poller/website user, since this is RHEL 7 and Apache which users would those be?

After some digging I found the directory for the plugin to be added it was /usr/share/cacti/plugins

And now I'm having issues with tftp, it's not backing up any configs, and I even tested and a Cisco switch is unable to "copy run tftp" to it.
I get the error of "error opening tftp.... no such file."

I made a mount point lets call it /u01 with the directories /u01/Config-Backups and /u01/Archive and set the permissions to 766 on them recursively.
in the /etc/xinetd.d/tftp I set "server_args = -c -s /u01/Config-Backups"

So is there something I'm missing?

I also opened firewalld for tftp.
As a test I did "setenforce 0" but that didn't change anything.

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

#4 Post by netniV » Fri Apr 20, 2018 4:11 pm

You can run a manual backup from within RouterConfigs, you can also increase the level at which it records it's logging, even capturing the input/output buffer to the devices. I would suggest doing this to give you an idea of what is occurring. But before you do a backup, you need to make sure that you have TFTP installed and working, then edit the RouterConfig settings to make sure the TFTP folder is set.

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

#5 Post by DarkLogix » Mon Apr 23, 2018 8:58 am

I think something is missing in the TFTP setup, I installed both Tftp-server and xinetd via "yum install tftp-server xinetd"

But ATM I tried SSH'ing to a cisco switch and doing "copy run tftp" and it fails to connect to the tftp server.

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

#6 Post by netniV » Tue Apr 24, 2018 12:13 pm

Firstly, make sure that TFTP is actually running and listening on it's correct port.

If you find that has been done, then make sure that either iptables or firewall-cmd is allowed the connection through if you are using either of those.

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

#7 Post by DarkLogix » Fri Apr 27, 2018 1:32 pm

"systemctl status tftp" and "systemctl status xinetd" both show running.
For the firewall I did "firewall-cmd --permanent --zone=public --add-service=tftp" so the port is open on the OS firewall.

And oddly netstat shows TFTP is only listening on IPv6, though in the "/etc/xinetd.d/tftp" config file the only ref I see to 4 vs 6 is flags, and it's flags=ipv4.
Attachments
Netstat-TFTP.png
Netstat-TFTP.png (15.64 KiB) Viewed 1409 times

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

#8 Post by DarkLogix » Fri Apr 27, 2018 1:40 pm

Ok I missed the "disable=" line in the "/etc/xinetd.d/tftp" file, but after chaning that from yes to now and then restarting via systemctl both tftp and xinetd and then even stoping firewalld (just to be sure) the copy still failed.

Also just incase I did a "setenforce 0" to test if SeLinux was at fault, no change.

After the config file edit netstat though does show xinetd listening on port 69, though the state is blank.

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

#9 Post by netniV » Sat Apr 28, 2018 5:37 am

I'd just remove the disable line by putting a comment in front of it. See whether that changes anything.

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

#10 Post by DarkLogix » Tue May 01, 2018 4:05 pm

I just tried that and no change.

Sorry I didn't see this sooner, I though I had the notify me checked and was expecting an e-mail when there was a reply.

I tried putting the hash tag there and then "systemctl restart xinetd" it didn't make any difference.

Currently on the cisco device trying to copy the config it says "%Error opening tftp://(IP)/config (Undefined error)"

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

#11 Post by netniV » Wed May 02, 2018 3:35 am

Is there a firewall between the devices? (This includes locally on the TFTP server)

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

#12 Post by DarkLogix » Wed May 02, 2018 3:52 am

The Cisco device I'm testing with is the one the vm host is directly connected to, so the only firewall is firewalld which I've stopped during testing with no change.

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

#13 Post by netniV » Wed May 02, 2018 6:58 am

Rather than stopping the firewall (some firewalls have a thing where their filter is a separate entity that decides if no rules are present assume block everything).

Try adding the service to the firewall rules.

http://www.bo-yang.net/2015/08/31/cento ... ftp-server

DarkLogix
Posts: 29
Joined: Thu Apr 19, 2018 1:08 pm

Re: Config Backup plugin help

#14 Post by DarkLogix » Wed May 02, 2018 7:53 am

I already added the service TFTP to the firewall, in my experience if FirewallD is stopped it's wide open.

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Config Backup plugin help

#15 Post by netniV » Wed May 02, 2018 9:04 am

I'm not sure what else to say, it's defintely a TFTP or Firewall setup issue if you can't connect from the network device to the server.

Post Reply