
Deployment of SSH and RSYNC

SSH is a secure protocol used to connect two computers over a network. RSYNC is a highly efficient file transfer mechanism. LFMT leverages RSYNC over SSH connections to copy log files from an application server host to the LFMT Server Host(s). LFMT requires that all hosts from which it will collect log files have both SSH and RSYNC installed. Likewise, SSH and RSYNC are also required on the LFMT Server Host(s).

This section describes how to deploy and configure SSH and RSYNC on all hosts in a LFMT deployment.

Tip
Genesys strongly recommends that you use an Administrator account when installing and configuring the following components. This user should be specified under the LFMT Collector option unix_user_account for Linux/UNIX environments, or the windows_user_account for Windows environments. For mixed environments, both options should be set accordingly.

On Linux

Purpose: Use this procedure to install SSH on all Linux hosts.

  1. Download OpenSSH from the following URL: http://www.openssh.org/
  2. From the Linux command line, enter the following command and press Enter:
    yum -y install openssh-server openssh-clients
  3. To start and enable the sshd server, enter the following commands, pressing Enter after each:
    chkconfig sshd on
    service sshd start
  4. To open port 22 over which all IP addresses will communicate with RSYNC and the LFMT, enter the following commands, pressing Enter after each:
    /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    service iptables save

Purpose: Use this procedure to install RSYNC on all Linux hosts.

  1. Ensure OpenSSH has been installed on the application server host.
  2. On the command line, enter one of the following commands, depending on your Linux operating system:
    1. On Ubuntu systems:
       apt-get install rsync
    2. On Red Hat Enterprise Linux and CentOS systems:
       yum -y install rsync
  3. Press Enter.

Purpose: Use this procedure to create and distribute public encryption keys for securing log file transfer between the LFMT Server Host(s) and the application server hosts.

  1. On the command line, enter the following commands, and press Enter after each:
    yum install tcl
    yum install expect
    Important
    The tcl package is included in RHEL, CentOS and Ubuntu. The expect package is part of tcl.
  2. Open (or create, if necessary) the keys_conf.txt file in a text editor. (A sample copy is located under the <LFMT Collector Install Directory>/utilities directory.)
  3. Enter all the information about each application server host (host name, user name, password), one server per line with information fields separated by a tab character, as follows:

    <host><tab><username><tab><password>

    For example, the following is a keys_conf.txt file for three application server hosts:
    ca-to-alum genesysWIN password
    ca-to-bond genesysWIN password
    ca-to-port genesysLNX password
    Important
    Passwords must not contain the following special characters: (){}[]'"\/$

    The value for username given in the keys_conf.txt file is case-sensitive. The case of this value should reflect that which is configured on the domain controller. To ensure the proper case, the following command can be run from the terminal window to query the domain controller:

    mkpasswd -d -u <username>

    The above command will produce an output similar to that below:

    <username>:unused:77777:11111:<User Name>,U-<DOMAIN>\<username>,S-1-8-21-2222222222-965789356-1112345605-55555:/home/<username>:/bin/bash
    The case used for defining username should reflect the first instance of its occurrence in the above output. The same case for username should be used when defining unix_user_account or windows_user_account in the LFMT Collector configuration options.
  4. Save the file.
  5. Ensure that the <LFMT Collector Install Directory>/lfm_keys.sh file is in the same directory as the keys_conf.txt file.
  6. Open a Linux terminal and navigate to the directory where the lfm_keys.sh file is stored.
  7. Execute the script:
    ./lfm_keys.sh

    The time taken for this script to execute depends on the number of application server hosts defined in the keys_conf.txt file.

    Tip
    Because it contains user names and passwords, you may want to delete the keys_conf.txt file or move it to a secure location after using it to configure LFMT. You will need to edit or recreate this file anytime you want to add new application servers to LFMT log collection.

On Windows

Purpose: On Windows, SSH and RSYNC are available via a Linux emulator named Cygwin. Use this procedure to install Cygwin on a Windows host.

  1. Locate and extract the cygwin.zip file that is found in the <LFMT Collector Install Directory>\utilities directory.
  2. From the location where the cygwin.zip file was extracted, run the setup.exe file from the Cygwin Setup File folder.
  3. Select Install from Local Directory.
  4. Set the following parameters:
    1. Set the root directory to the path where Cygwin is to be installed.
    2. Select Install for All Users.
    3. In the Local Package Directory field, specify the path to the Cygwin local directory folder found in the location where the cygwin.zip file was extracted.
    4. Click Next.
  5. Select the following packages to install.
    1. From Admin, select all of the packages.
    2. From Archive, select the unzip and zip packages.
    3. From Editors, select the vim package.
    4. From Net, select the openssh, rsync, and tcp_wrappers packages.
    5. From Tcl, select the expect package.
  6. Click Next to install the packages.
  7. On the Installation Complete screen, click Finish.
  8. Add values to the Environment PATH variable, as follows:
    1. Right-click on the My Computer icon on your desktop and select Properties from the drop-down menu.
    2. Open the Advanced tab and click Environment Variables.
    3. Create a new system variable, CYGWIN_HOME, and set the value to the directory where the Cygwin folder is stored. For example, name=CYGWIN_HOME, value=C:\Cygwin. Click OK.
    4. Scroll through the System variables list, and select PATH, then click Edit.
    5. Add %CYGWIN_HOME%\bin to the existing parameters. Make sure that the %CYGWIN_HOME%\bin is set AFTER the path to PERL lib folder.
    6. Click OK twice more to close the System Properties dialog box.

Purpose: Use this procedure to configure SSH for LFMT on a Windows host.

  1. Right-click on the Cygwin terminal icon and select “Run as administrator”.
  2. Navigate to the directory containing the cygwin_setup.sh file.
  3. Convert the cygwin_setup.sh file to the Unix text format. Enter:
    dos2unix cygwin_setup.sh 
  4. Configure the SSH service. Enter:
    bash cygwin_setup.sh <username> "<password>"
  5. Copy cygwin_setup.sh and cygrun.bat files under <LFMT Collector Install Directory>\utilities to the root folder of the Cygwin installation.
    Important
    Passwords must not contain the following special characters: (){}[]'"\/$
    The screenshot below shows the messages received during a successful deployment of the SSH service.
    [Screenshot: CygwinSSHD.png]

Purpose: On Windows, SSH and RSYNC are available via a Linux emulator named Cygwin. Use this procedure to mass deploy Cygwin from a Windows host to all other Windows hosts.

  1. Install and configure SSH and RSYNC on at least one Windows host via the steps above. This is the primary Windows host.
  2. Ensure WMIC is installed on the application server host, and the Windows firewall is configured to allow a WMIC connection. To test that WMIC is working properly on the application server host, go to http://wiki.serverscheck.com/index.php/Testing_wmi.
  3. Ensure all hosts to which Cygwin is being deployed have hostnames that can be resolved from the primary Windows host.
  4. Locate and extract the cygwin.zip file that is found in the <LFMT Collector Install Directory>\utilities directory.
  5. Create a new network shared folder from the extracted cygwin.zip file.
  6. Open (or create, if necessary) the cygwin_conf.txt file in a text editor. (A sample copy is located under <LFMT Collector Install directory>\utilities.)
  7. Enter in this file all information about each application server host (computer name, domain, primary drive, username, password), one server per line, with information fields separated by a tab character. The format of each line is as follows:

    <host><tab><domain><tab><primary drive><tab><username><tab><password>

    For example, the following is a cygwin_conf.txt file for three application server hosts:
    ca-to-alum Genesys C: genesysWIN password
    ca-to-bond Genesys L: genesysWIN password
    ca-to-west Genesys I: genesysWIN password

    The values for domain and username given in the cygwin_conf.txt file are case-sensitive. The case of these values should reflect that which is configured on the domain controller. To ensure the proper case, the following command can be run in the Cygwin terminal to query the domain controller:

    mkpasswd -d -u <username>

    The above command will produce an output similar to that below:

    <username>:unused:77777:11111:<User Name>,U-<DOMAIN>\<username>,S-1-8-21-2222222222-965789356-1112345605-55555:/home/<username>:/bin/bash
    The case used for defining domain and username should reflect the first instance of their occurrence in the above output. The same case for username should be used when defining windows_user_account in the LFMT Collector configuration options.
  8. Save the file.
  9. Right-click on the command prompt and select “Run as administrator”.
  10. Navigate to the directory containing the deploy_cygwin.pl file.
  11. Deploy Cygwin to all hosts in the cygwin_conf.txt file. Enter:
    perl deploy_cygwin.pl

    Follow the prompts. Wait for the script to run to completion; the time it takes will depend on how many application server hosts are listed in cygwin_conf.txt.

    Important
    Because it contains user names and passwords, you may want to delete the cygwin_conf.txt file or move it to a secure location after using it to configure LFMT. You will need to edit or recreate this file anytime you want to add new application servers to LFMT log collection.

Purpose: Use this procedure to create and distribute public encryption keys for securing log file transfer between the LFMT Server Host(s) and the application server hosts.

  1. Open (or create, if necessary) the keys_conf.txt file in a text editor. (A sample copy is located under the <LFMT Collector Install Directory>\utilities directory.)
  2. Enter all the information about each application server host (host name, username, password), one server per line with information fields separated by a tab character as follows:

    <host><tab><username><tab><password>

    For example, the following is a keys_conf.txt file for three application server hosts:
    ca-to-alum genesysWIN password
    ca-to-bond genesysWIN password
    ca-to-port genesysLNX password
    Important
    Passwords must not contain the following special characters: (){}[]'"\/$

    The value for username given in the keys_conf.txt file is case-sensitive. The case of this value should reflect that which is configured on the domain controller. To ensure the proper case, the following command can be run in the Cygwin terminal to query the domain controller:

    mkpasswd -d -u <username>

    The above command will produce an output similar to that below:

    <username>:unused:77777:11111:<User Name>,U-<DOMAIN>\<username>,S-1-8-21-2222222222-965789356-1112345605-55555:/home/<username>:/bin/bash
    The case used for defining username should reflect the first instance of its occurrence in the above output. The same case for username should be used when defining unix_user_account or windows_user_account in the LFMT Collector configuration options.
  3. Save the file.
  4. Verify that the lfm_keys.sh file is in the same directory as the keys_conf.txt file.
  5. Right-click on the Cygwin terminal icon and select “Run as administrator”.
  6. Navigate to the directory containing the lfm_keys.sh file.
  7. Convert the lfm_keys.sh file to the Unix text format. Enter:
    dos2unix lfm_keys.sh
  8. Configure SSH on all hosts in the keys_conf.txt file. Enter:
    bash lfm_keys.sh

    The time taken for this script to execute depends on the number of application server hosts defined in the keys_conf.txt file.

    Tip
    Because it contains user names and passwords, you may want to delete the keys_conf.txt file or move it to a secure location after using it to configure LFMT. You will need to edit or recreate this file anytime you want to add new application servers to LFMT log collection.
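
The keys_conf.txt procedures (Linux and Windows) and the cygwin_conf.txt procedure above all rely on a hand-edited, tab-separated file that holds plaintext passwords. The following shell function is an added example, not part of the LFMT package, that checks such a file before lfm_keys.sh or deploy_cygwin.pl is run. The function name check_lfmt_conf and the owner-only permission requirement are assumptions, and it relies on GNU stat as found on Linux and Cygwin.

```shell
#!/usr/bin/env bash
# Added example (not part of the LFMT package): pre-flight check for the
# tab-separated credential files described on this page.
#   check_lfmt_conf keys_conf.txt 3     # <host> <username> <password>
#   check_lfmt_conf cygwin_conf.txt 5   # <host> <domain> <drive> <username> <password>

# Characters the page says passwords must not contain.
LFMT_BAD_CHARS='(){}[]'\''"\/$'

check_lfmt_conf() {
  local file=$1 nfields=$2 mode rc=0
  [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }

  # The file holds plaintext passwords: require owner-only access (assumption).
  mode=$(stat -c '%a' "$file")
  case $mode in
    *00) ;;
    *) echo "$file: mode $mode is open to group/other; run chmod 600" >&2; rc=1 ;;
  esac

  # ENVIRON is used instead of -v so awk does not reinterpret the backslash.
  BAD=$LFMT_BAD_CHARS awk -F'\t' -v n="$nfields" '
    BEGIN { bad = ENVIRON["BAD"] }
    /^[[:space:]]*$/ { next }    # ignore blank lines
    /\r$/ { printf "line %d: CRLF line ending, run dos2unix\n", NR; err++; next }
    NF != n {
      printf "line %d: expected %d tab-separated fields, found %d\n", NR, n, NF
      err++; next
    }
    {
      for (i = 1; i <= NF; i++)
        if ($i == "") { printf "line %d: field %d is empty\n", NR, i; err++ }
      # Never echo the password itself, only the fact that it is rejected.
      for (i = 1; i <= length(bad); i++)
        if (index($NF, substr(bad, i, 1))) {
          printf "line %d: password contains one of %s\n", NR, bad; err++; break
        }
      if (seen[$1]++) { printf "line %d: duplicate host %s\n", NR, $1; err++ }
    }
    END { exit (err ? 1 : 0) }
  ' "$file" >&2 || rc=1
  return $rc
}
```

Run it as `check_lfmt_conf keys_conf.txt 3` or `check_lfmt_conf cygwin_conf.txt 5`; a non-zero return means the file should be corrected before the deployment script reads it.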

Important Notes

After you have installed and configured SSH and RSYNC, ensure the following:

  • Check Firewalls—On all hosts, ensure that the SSH port is not blocked. The default SSH port should be port 22.
  • Check Hosts File—If the LFMT Server Host(s) is not configured with DNS, ensure its hosts file contains the names and IP addresses of each application server host. Consult your system administrator for the location of the hosts file.
This page was last modified on October 5, 2016, at 07:12.
