Monthly Archives: December 2014

ntp.yaojun.sg – Stratum-1 NTP server on a Raspberry Pi

I have been running ntp.yaojun.sg for NTP service on a Raspberry Pi for a while. This service is part of pool.ntp.org and responds to sg.pool.ntp.org and asia.pool.ntp.org. However, my SD card decided to give up recently when I wanted to explore SNMP tools for monitoring purposes.

The GPS module I am using is from HAB. I got this particular module late last year; it was built specifically for the older Raspberry Pi Model B. My NTP service was made public around March 2014 using a ready-made image. However, looking at how 2014 turned out, it is important to keep both the base system and NTP patched. In addition, it is not advisable to just run a “black box” because you never know what is going on inside it. So here I am, restoring the service from a clean Raspbian image.

Do note that the module requires a GPS 3D lock for PPS to work, so remember to connect your antenna. I was scratching my head over why my PPS was not working and had to contact the friendly vendor to ask if I had a dead card.

Installing Raspbian on a Raspberry Pi is a straightforward process. After the basic configuration (resizing the file system, locale, timezone, etc.), remember to configure Raspbian to disable the serial shell under the advanced settings. Also update and patch the system.

apt-get update
apt-get dist-upgrade
rpi-update

Recent developments in Raspbian allow the use of PPS devices without recompiling the kernel. We need to configure the system to use the PPS on the GPIO port.

Edit /boot/config.txt and add the following line:

dtoverlay=pps-gpio,gpiopin=18

Add the following line to /etc/modules:

pps-gpio

Install the GPS and PPS tools

apt-get install pps-tools libcap-dev gpsd gpsd-clients python-gps

Configure gpsd to use the GPS sensor at /dev/ttyAMA0 and enable -n as an option using dpkg-reconfigure, so that ntpd can use the GPS clock. Remember to enable the gpsd daemon.

systemctl enable gpsd.socket
dpkg-reconfigure gpsd

and you will be able to see your GPS data using

cgps -s

Check that your PPS clock is working

ppstest /dev/pps0

Remove default NTP client (which does not work with the GPS and PPS)

apt-get remove ntp

Install NTP dependencies to ensure successful build of NTP from source

apt-get install libbsd-dev libssl-dev

Install checkinstall to compile source to binaries safely

apt-get install checkinstall

Get the latest NTP source code from www.ntp.org, untar it and compile. This is not a fancy high-speed CPU, so compiling will take some time (an estimated 30 minutes).

./configure --enable-linuxcaps --with-NMEA --with-ATOM
make 
checkinstall

Follow the checkinstall wizard through.

Symbolically link the compiled binaries to well-defined paths:

ln -s /usr/local/bin/ntp* /usr/bin/
ln -s /usr/local/sbin/ntp* /usr/sbin/

Edit /etc/init.d/ntp to use the compiled binaries:

#PATH=/sbin:/bin:/usr/sbin:/usr/bin
PATH=/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#DAEMON=/usr/sbin/ntpd
DAEMON=/usr/local/sbin/ntpd

Edit /etc/ntp.conf to use PPS and GPS as Stratum-0 and Stratum-1. This will make PPS disciplined by GPS and verified by other NTP servers.

# pps-gpio on /dev/pps0
server 127.127.22.0 minpoll 4 maxpoll 4
fudge 127.127.22.0 refid PPS
fudge 127.127.22.0 flag3 1  # enable kernel PLL/FLL clock discipline
# gpsd shared memory clock
server 127.127.28.0 minpoll 4 maxpoll 4 prefer  # PPS requires at least one preferred peer
fudge 127.127.28.0 refid GPSD
fudge 127.127.28.0 time1 +0.150 stratum 1 # coarse processing delay offset

Hold the ntp package to prevent apt from overwriting the compiled binaries with packaged ones

apt-mark hold ntp
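
The ntp.conf above configures only the reference clocks, while the server answers the public pool. As an added example (not part of the original post), this script checks that a configuration's `restrict default` entries carry `noquery` and `nomodify`, which deny ntpq/ntpdc queries and runtime reconfiguration without affecting time service; the function names and the restrict lines in the second sample are assumptions, not the author's settings.

```sh
#!/bin/sh
# Added example, not from the original post: audit "restrict default" lines.
# Reads ntp.conf from stdin or a file argument; returns 1 if anything is found.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                 # strip comments; fields are re-split
        $1 != "restrict" { next }
        {
            i = 2; fam = "any"
            if ($i == "-4" || $i == "-6") { fam = $i; i++ }  # optional family flag
            if ($i != "default") next      # only the catch-all entries matter
            seen = 1
            flags = " "
            for (j = i + 1; j <= NF; j++) flags = flags $j " "
            if (flags ~ / ignore /) next   # "ignore" drops every packet
            if (flags !~ / noquery /)  { print "default (" fam "): missing noquery";  bad = 1 }
            if (flags !~ / nomodify /) { print "default (" fam "): missing nomodify"; bad = 1 }
        }
        END {
            if (!seen) { print "no restrict default line: no access restrictions"; bad = 1 }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample 1: the reference-clock lines from the post, nothing else.
sample_refclocks_only() {
    cat <<'EOF'
server 127.127.22.0 minpoll 4 maxpoll 4
fudge 127.127.22.0 refid PPS
server 127.127.28.0 minpoll 4 maxpoll 4 prefer
fudge 127.127.28.0 refid GPSD
EOF
}

# Constructed sample 2: the same clocks plus assumed access-control lines.
sample_restricted() {
    sample_refclocks_only
    cat <<'EOF'
restrict -4 default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1   # local ntpq keeps working
restrict ::1
EOF
}

for s in sample_refclocks_only sample_restricted; do
    echo "== $s"
    "$s" | audit_ntp_conf && echo "ok"
done
```

To check a live configuration, call `audit_ntp_conf /etc/ntp.conf`.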

Nagios (Part 1) – Installing Nagios 4 on FreeBSD 10.1

Nagios is one of the popular network and systems monitoring tools available. There are two main flavours of Nagios: Nagios XI, the enterprise software, and Nagios-Core, the “Open-Source” version. This post serves as a tutorial on setting it up on FreeBSD 10.1-Release running inside a vSphere environment.

Update FreeBSD base system

freebsd-update fetch
freebsd-update install

Get FreeBSD Ports Tree

portsnap fetch extract update

One of the strengths of FreeBSD is the FreeBSD ports tree, which is a huge repository of makefiles for installing software on FreeBSD. The ports tree is maintained by the FreeBSD ports team, and it is well maintained and very much up to date. Software can be compiled from source with the use of additional flags made possible by the make system in FreeBSD. If compiling is not your cup of tea, FreeBSD 10 also has the pkg system, where binary packages are downloaded from a repository tree much like yum in RHEL/CentOS and apt-get in Debian/Ubuntu.

Setting Up OpenSSL

With a handful of SSL related vulnerabilities made public this year, it is advisable to use the Ports version of OpenSSL as it is much more current as compared with the one that came with the base OS. Many applications have a dependency on OpenSSL for SSL connections, so it is advisable to install this first in a new system.

cd /usr/ports/security/openssl
make config-recursive
make install clean

In order to use the ports version of OpenSSL we need to edit /etc/make.conf:

echo "WITH_OPENSSL_PORT=YES" >> /etc/make.conf

Configuring OpenSSL

mv /usr/bin/openssl /usr/bin/openssl.default
ln -s /usr/local/bin/openssl /usr/bin/
cp /usr/local/openssl/openssl.cnf.example /usr/local/openssl/openssl.cnf

Setting Up PortMaster

PortMaster is a tool to manage the ports that are installed on the FreeBSD system which includes easy upgrading of ports.

cd /usr/ports/ports-mgmt/portmaster
make config-recursive
make install clean

Open-VM-Tools

Although the VMware tools for FreeBSD work, VMware is always slow to release them for FreeBSD.

cd /usr/ports/emulators/open-vm-tools-nox11/
make config-recursive
make install clean

Make sure that Open-VM-Tools works on reboot by editing /etc/rc.conf

vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="YES"
vmware_guest_vmmemctl_enable="YES"
vmware_guest_vmxnet_enable="YES"
vmware_guestd_enable="YES"

Vim-Lite

We all need our favourite text editor to configure Nagios and other configuration files.

cd /usr/ports/editors/vim-lite
make config-recursive
make install clean

Edit ~/.vimrc

syntax on
set background=dark
set shiftwidth=2
set tabstop=2
set nocompatible
set expandtab
set autoindent
set ruler
if has("autocmd")
 filetype plugin indent on
endif
set showcmd " Show (partial) command in status line.
set showmatch " Show matching brackets.
set ignorecase " Do case insensitive matching
set smartcase " Do smart case matching
set incsearch " Incremental search
set hidden " Hide buffers when they are abandoned
set backspace=indent,eol,start
set mouse=

SSMTP

Refer to this article to set up an authenticated system email with Gmail.

Web Server

Nagios has a web based dashboard to provide an overview of the state of the monitored machines.

Install Apache24

cd /usr/ports/www/apache24
make config-recursive
make install clean

vim /etc/rc.conf

apache24_enable=yes

Install PHP 5.6

cd /usr/ports/lang/php56
make config-recursive
make install clean

Install PHP56-extensions

cd /usr/ports/lang/php56-extensions
make config-recursive
make install clean

Install PHP56 Apache module

cd /usr/ports/www/mod_php56
make config-recursive
make install clean

Edit httpd.conf and insert the following into the configuration file

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

Copy the production PHP configuration into place

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Install Nagios 4

cd /usr/ports/net-mgmt/nagios4
make config-recursive
make install clean

Ensure that mod_cgi is enabled in /usr/local/etc/apache24/httpd.conf by uncommenting the following line

LoadModule cgi_module libexec/apache24/mod_cgi.so

Restart the Apache service to check if Nagios is accessible.

More about the installation and configuration of Nagios to follow. 🙂