Welcome, Guest. Please login or register.

Author Topic: Introducing NeDiVA (NeDi Virtual Appliance)  (Read 26874 times)

tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Introducing NeDiVA (NeDi Virtual Appliance)
« on: October 28, 2011, 11:05:37 PM »
Greetings!  I have been a Nedi user for over 6 years, and we still use it on a daily basis.  I am shocked that this powerful tool is not the most popular network management tool in the world. 

To help improve this situation, I have created NeDiVA (NeDI Virtual Appliance).  The main purpose of Nediva is to make it super easy to get started using Nedi.  Whether you are a Linux expert or a first-time user, Nediva will save you time in building a new server for Nedi.

This is my first version, so it is not perfect.  Please submit requests for improvements or any ideas you have to make Nediva more useful.

http://susegallery.com/a/UYfGue/nediva

I want to thank Remo for making Nedi and providing it to the world for free!

Cheers!

Tristan Rhodes

Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!

pc_sg

  • Full Member
  • ***
  • Posts: 245
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #1 on: November 16, 2011, 08:07:16 AM »
Hi Tristan,
I'm trying NeDiVA.
Importing VM in ESX wasn't too difficult. Strangely OVF was seen as incompatible, but opening VMX in VMWare Workstation and exporting it in ESX was sucessful.
First discovery was partial, but it depends on NeDi 1.0.6, not complete in DEF files. Upgraded to 1.0.7, all devices discovered!

As far as I can see, editing of CRON files through NeDi is not functioning. I don't know if there is something more to do or configure or change to make it running. Is a real handy feature.

Another hint: could you install also WebMin ? is the first tool I install on every Linux Server I made. And a SwissKnife for an administrator!

Only another thing: why have you put NeDi under /opt/ instead of /var/ ?
My old 1.0.5 is under /var/ even if is a Debian OS machine!
I know that Ubuntu installation procedure point out  to put NeDi under /opt/ , but there is less to modify if under /var/ , and I still don't understand the real reason of it...

Regards (and THANKS a lot!!!)

Paolo (pc_sg)

pc_sg

  • Full Member
  • ***
  • Posts: 245
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #2 on: November 16, 2011, 09:31:59 AM »
Hi again Tristan, here another problem:
I need to reinitialize database (nedi -i) but any username/password pair I've tried is not accepted.

Which is the right one?

Thanks

Paolo

pc_sg

  • Full Member
  • ***
  • Posts: 245
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #3 on: November 16, 2011, 02:14:28 PM »
Hi again Tristan, here another problem:
I need to reinitialize database (nedi -i) but any username/password pair I've tried is not accepted.

Which is the right one?

Thanks

Paolo

Found: ... is empty !!!

Anyone should change it ASAP for security reason.

Paolo

pc_sg

  • Full Member
  • ***
  • Posts: 245
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #4 on: November 16, 2011, 02:55:39 PM »
New problem:

reinitializede NeDiVA with "nedi -i" and now I can't access NeDi anymore. After login as "admin/admin" the window become white with

"Could not connect to nedi@localhost with nedi"

Any advice?

Paolo  :(

tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #5 on: December 01, 2011, 12:25:47 AM »
I left the root MySQL password blank because I wanted it to be easy for users.  I guess I could try changing to something easy.  Regardless, the only access allowed to the SQL server is from localhost. 

Thanks for the input!

Tristan

Hi again Tristan, here another problem:
I need to reinitialize database (nedi -i) but any username/password pair I've tried is not accepted.

Which is the right one?

Thanks

Paolo

Found: ... is empty !!!

Anyone should change it ASAP for security reason.

Paolo
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!

pc_sg

  • Full Member
  • ***
  • Posts: 245
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #6 on: December 01, 2011, 10:10:17 AM »
You are right Tristan! Only local access... Secure enough!

Anyway the second issue is still active. I'm no more able to access NeDi.
I don't know if may be related to WebMin installation, but I've a bunch of Linux servers, and all have WebMin installed on it, without any problem!

Paolo

tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #7 on: December 02, 2011, 11:10:21 PM »
I have a guess what this might be.  Remo's code to initialize the database appears to have an error with the permissions.  I fixed those with Nediva, but I bet "nedi -i" will recreate the database with the wrong permissions.  If you want to test this, try:

Code: [Select]
echo "grant all privileges on nedi.* to nedi@\"localhost\" identified by 'dbpa55';" | mysql
New problem:

reinitializede NeDiVA with "nedi -i" and now I can't access NeDi anymore. After login as "admin/admin" the window become white with

"Could not connect to nedi@localhost with nedi"

Any advice?

Paolo  :(
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!

pc_sg

  • Full Member
  • ***
  • Posts: 245
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #8 on: December 05, 2011, 08:09:57 AM »
Yes, is right!
So, any time I need to reinitialize NeDi, I must correct database rights.
A clarification: if any (like me...) has assigned a password to MySQL admin (root in my case), the line shoul be changed to
Code: [Select]
echo "grant all privileges on nedi.* to nedi@\"localhost\" identified by 'dbpa55';" | mysql -u root -pand so entering correct MySQL root user.

Tristan , aren't you able to correct Remo's initialize code at all?
Remo is aware of this?

Thanks!

Paolo

Gearrion

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #9 on: December 07, 2011, 03:06:47 PM »
    Mysql does not like unsecured passwords.  This is the issue..  If you log int the sql server and set the password to anything other than blank it should work.  you would need to add the changes to nedi.conf as well thou..

  Every time I dump my database and start over I get this error in my log,

 "using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file"

   like is says,
remove the old-passwords flag from your my.cnf file
then in mysql run under the nedi user..

 set password = password('my password');

tada! fixed...





tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #10 on: December 09, 2011, 07:19:16 PM »
Thanks Paolo and Gearrion!  I really appreciate the input and I have have created a new version of Nediva to address the issues you discovered.  I didn't understand everything that Gearrion said, but I have changed Nediva to use a root Mysql password.   I still think there is a bug related to MySQL permissions with the "Nedi.pl -i" database initialization process. (I need to confirm this with Remo)

Without further ado, here are the release notes and download link:

http://susestudio.com/a/UYfGue/nediva

Release Notes:
****************************

NeDiVa 0.0.44
(Published 12/09/11)

* Upgraded to Suse 12.1

* Upgraded to Nedi 1.0.7_RC1 (not the final version)

* Secured MySQL by disabling network access

* Added a MySQL root password that matches the Linux root password

* Disabled SSH login with the root user for added security

* Changed Nedi location from "/opt/nedi" to "/var/nedi" to match Remo's default setting

* Change permissions on Nedi directories to enable Apache to edit and execute files.

****************************
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2510
    • View Profile
    • NeDi
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #11 on: December 10, 2011, 05:53:22 PM »
Very cool, thanks a lot Tristan!

In addition to init: I don't understand, why this doesn't work on NeDiVA. My code works on NeDiO (using dba55 as DB pw for root) and should also cover Gearrion's point. Here's the perl code:

Code: [Select]
$dbh->do("CREATE DATABASE $misc::dbname");
$dbh->do("GRANT ALL PRIVILEGES ON $misc::dbname.* TO \'$misc::dbuser\'\@\'$_[2]\' IDENTIFIED BY \'$misc::dbpass\'");
if ($mysqlVer =~ /5\./) { #fix for mysql 5.0 with old client libs
$dbh->do("SET PASSWORD FOR \'$misc::dbuser\'\@\'$_[2]\' = OLD_PASSWORD(\'$misc::dbpass\')");
}

« Last Edit: December 11, 2011, 11:32:27 AM by rickli »
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #12 on: December 13, 2011, 07:47:06 PM »
Here is the command I run to reset the Mysql permissions:

Code: [Select]
# Initialize Database
/var/nedi/nedi.pl -i root nediroot
echo "grant all privileges on nedi.* to nedi@\"localhost\" identified by 'dbpa55';" | mysql -u root -pnediroot

If I don't run that last command, I get "could not connect to nedi@localhost" in the web-browser. 

Tristan

Very cool, thanks a lot Tristan!

In addition to init: I don't understand, why this doesn't work on NeDiVA. My code works on NeDiO (using dba55 as DB pw for root) and should also cover Gearrion's point. Here's the perl code:

Code: [Select]
$dbh->do("CREATE DATABASE $misc::dbname");
$dbh->do("GRANT ALL PRIVILEGES ON $misc::dbname.* TO \'$misc::dbuser\'\@\'$_[2]\' IDENTIFIED BY \'$misc::dbpass\'");
if ($mysqlVer =~ /5\./) { #fix for mysql 5.0 with old client libs
$dbh->do("SET PASSWORD FOR \'$misc::dbuser\'\@\'$_[2]\' = OLD_PASSWORD(\'$misc::dbpass\')");
}

Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!

tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #13 on: December 13, 2011, 09:15:48 PM »
NeDiVA:/home/nedi # mysql --version
mysql  Ver 14.14 Distrib 5.5.16, for Linux (i686) using readline 6.2

Could this version number be throwing off your regex check for Mysql version 5?

Tristan
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!

tristanbob

  • Full Member
  • ***
  • Posts: 142
    • View Profile
Re: Introducing NeDiVA (NeDi Virtual Appliance)
« Reply #14 on: December 13, 2011, 10:37:07 PM »
Remo,

CONFIRMED!  I commented your IF statement and the initialization process no longer breaks permissions. 

Can you come up with a different regex to check for old mysql versions?  (Or perhaps just leave this out)

Thanks,

Tristan
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!