RAy2 Firmware upgrade and other Useful Scripts

Print version

10. RAy2 Firmware upgrade and other Useful Scripts

By default, there are no ready-to-be-used actions in Zabbix such as configuration backup or firmware upgrade. The Zabbix NMS is a general system which requires special features to be implemented by RACOM or by the user himself.

We provide the user with a guide how to use and define these special features and within the RAy2 template, we already prepared several examples:

  • Configuration backup

  • Displaying the current Firmware version

  • Firmware upgrade

[Note]Note

If you have troubles running scripts or making your own, contact us on .

The whole implementation can be quite time consuming, but once you successfully run the first script, the others are very similar and its implementation is straightforward.

Within the Template, there are three scripts. As you now realise, having the configuration backup files can be crucial if replacing the unit. There is nothing easier than just uploading the configuration file into a brand new RAy2 unit.

10.1. Zabbix Configuration

Before creating and running the first scripts, you need to prepare the Zabbix server (and the Linux operating system). In this example, we configure the CentOS 7 operating system with Zabbix 3 installed via packaging system.

The following steps can be done in different order, but following this order is absolutely fine.

10.1.1. Zabbix Server Configuration File

By default, the zabbix_server configuration file is located in the /etc/zabbix/zabbix_server.conf file. Find the line with “SSHKeyLocation” parameter and define it with this value:

SSHKeyLocation=/home/zabbix/.ssh

This is the location of the RSA private SSH key which will be used to access the RAy2 units.

Restart the Zabbix server afterwards.

# systemctl restart zabbix-server

10.1.2. Uploading the Template Scripts

The scripts must be uploaded manually to a correct directory manually. The default directory is /usr/lib/zabbix/externalscripts/. Copy the script files from the ZIP Template file to this directory. The target state should look similar to this output:

# ls -l /usr/lib/zabbix/externalscripts/
total 48
-rw-r--r--. 1 zabbix zabbix   933 Mar 14 15:40 cli_upgrade_ray.sh
-rwxr-xr-x. 1 zabbix zabbix   649 Mar  9 16:58 ray_cli_cnf_backup_get.sh
-rwxr-xr-x. 1 zabbix zabbix   137 Mar  9 13:59 ray_cli_fw_show.sh
-rwxr-xr-x. 1 zabbix zabbix  3202 Mar 15 08:40 ray_cli_fw_upgrade.sh
-rw-r--r--. 1 zabbix zabbix    77 Mar 15 08:31 script-log.txt
-rwxr-xr-x. 1 zabbix zabbix 17200 Mar  1 13:24 snmptrap.sh

There are three executable scripts via the Zabbix web interface (starting with “ray_”) and one additional script “cli_upgrade_ray.sh” which is used by one of the previous script. The LOG output of those scripts is in script-log.txt file. There is also the snmptrap.sh file which you should have there for the SNMP TRAP functionality.

Make sure that the files have the zabbix user/group and are executable.

# chown zabbix:zabbix /usr/lib/zabbix/externalscripts/*
# chmod +x /usr/lib/zabbix/externalscripts/*

10.1.3. Zabbix User Configuration

The Zabbix user cannot login to the bash by default. We need modify the /etc/passwd file as follows:

# chsh -s /bin/bash zabbix
# cat /etc/passwd
zabbix:x:996:994:Zabbix Monitoring System:/home/zabbix:/bin/bash

Make sure that the last part after the “:” has a correct path to the bash binary.

If not already created, create the HOME directory for the Zabbix user.

# usermod -m -d /home/zabbix zabbix
# chown zabbix:zabbix /home/zabbix
# chmod 700 /home/zabbix
[Note]Note

You may need to run the “usermod” command once again.

Create the directories for the saved configuration and firmware files and change the access rights.

# mkdir /home/zabbix/configuration-backup
# mkdir /home/zabbix/firmware
# mkdir /home/zabbix/configuration-backup/ray
# mkdir /home/zabbix/firmware/ray
# chown zabbix:zabbix –R /home/zabbix/

10.1.4. SSH Access to RAy2 units

The directory for the SSH key should now be located in /home/zabbix/.ssh directory. Change the current directory to this one and login as zabbix.

# su zabbix

A new prompt appears. Because, we cannot access the RAy2 units using their password via scripts, we need to upload the SSH keys into every unit we want to control. You can either have you own RSA/DSA key or you can create a new one following this example. Run

bash-4.2$ ssh-keygen -t rsa

Follow the guide of the ssh-keygen application and leave the passphrase empty.

To copy our RSA key into the RAy2 units, run the following command:

bash-4.2$ ssh-copy-id admin@10.250.2.225

Just replace 10.250.2.225 with the correct RAy2 IP address. The prompt will ask for the Admin password, fill it in and click Enter. Now, you should have the access into the unit without using a password. Check it via this command:

bash-4.2$ ssh admin@10.250.2.225

You should be logged in the RAy2 unit without writing the password.

10.1.5. Scripts in the Zabbix Web Interface

The script files can be downloaded within the template ZIP file. Save them in the correct directory (/usr/lib/zabbix/externalscripts/) of your Zabbix distribution. Then, the scripts must be manually created in the Zabbix Administration – Scripts menu. See the example below and create Zabbix scripts for all RAy2 scripts.

RAy2 script

Fig. 10.1: RAy2 script

If you open one of them, you can modify them as required.

Script configuration

Fig. 10.2: Script configuration

The Type must be set to “Script” and the Execute on parameter to “Zabbix server”. The command can be modified as required. There is a full path to the script saved on the server and the parameters. The script output is appended to the mentioned log file.

The script can apply to ALL hosts or just one group – in our example, the group name is “RAY2”.

The parameters are MACROs which should be enabled by default due to our Template. Each RAy2 unit uses the SSH port 22 and the SSH key saved in /home/zabbix/.ssh/id_rsa file by default. If you need to modify any of these parameters, go to the Configuration – Hosts menu and edit the particular Host’s MACROs (Inherited and host macros submenu).

Host MACROs

Fig. 10.3: Host MACROs

To edit any of the parameters, click on the “Change” button and Update the Host.

10.1.6. SELinux Restrictions

If the operating system is CentOS 7 and has the SELinux security option enabled, the scripts will not run properly due to these restrictions.

If you run the script, but it will not run properly, check the following output via the command line:

# ausearch -m avc|tail -n 3

It can display a similar output:

time->Tue Mar  8 14:12:31 2016
type=SYSCALL msg=audit(1457442751.052:8277): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7f11466de620 a2=10 a3=56decfbf items=0 ppid=4929 pid=2936 auid=4294967295 uid=996 gid=994 euid=996 suid=996 fsuid=996 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="ssh" exe="/usr/bin/ssh" subj=system_u:system_r:zabbix_t:s0 key=(null)
type=AVC msg=audit(1457442751.052:8277): avc:  denied  { name_connect } for  pid=2936 comm="ssh" dest=8021 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:zope_port_t:s0 tclass=tcp_socket

The issue here is that the SSH cannot be run from the Web interface. To enable it, you can run the following commands. Note that the first command installs some binaries to control SELinux rules. If already installed, you do not need them.

# yum install policycoreutils-devel
# mkdir -p /root/local-policy-modules/zabbix
# cd /root/local-policy-modules/zabbix
# grep "denied" /var/log/audit/audit.log|tail -n 2 > avc.log
# audit2allow -M zabbix_script_ssh -R -i avc.log
# semodule -i zabbix_script_ssh.pp
[Important]Important

Do not rush with SELinux rules, if you understand SELinux, make the required changes. If not, please consult us.

A similar approach is required for the Bash, SNMP traps, logging the script output, etc.

10.1.7. Testing Scripts

The scripts can be tested via clicking on the Hosts in the Web interface. You can click on them when they are displayed within the Last 20 Issues on your Dashboard, or within Maps where they are always displayed.

Scripts in the Maps

Fig. 10.4: Scripts in the Maps

If you click on any of the scripts, the corresponding script runs and the output is displayed in the pop-up window. You can test the Zabbix general ones such as “Ping” or “Traceroute” first.

[Note]Note

You may be required to change the SELinux rules or to install “traceroute” application via the command line (yum install).

The easiest script displays the current firmware version. The version should be displayed within several seconds in the pop-up window.

Another script is the Configuration backup. The expected output should display a full path to the stored file (in the /home/zabbix/configuration-backup/ray directory).

The last scripts makes the Firmware upgrade. The script copies the firmware and another script into the unit and if successfully transmitted, it displays the information in the pop-up window. Due to Zabbix functionality, there is no way to wait for the upgrade to be finished and be informed about it within this pop-up window. Check the Firmware version after several minutes (e.g. 10 minutes) to check whether the upgrade was successful. Note that the script upgrades both units of the selected link! If the upgrade was not finished successfully, check the LOG file or login to the unit via SSH and check the internal log files (/var/log/) and the script log in the /tmp directory. You may also need to check the SELinux rules.

Once configured correctly, running the scripts is easy. If you need to add a new host, just copy the SSH key and you are ready to use it. And if a new script is required, see these examples and create your own scripts or consult creating them with our technical support at .