iThinkVirtual™

Installing phpIPAM on Ubuntu 16.04

| 08/05/2016 | Tags: , , ,

Installing phpIPAM on Ubuntu 16.04

I have been thinking, for a while now, about deploying an IP Address Management (IPAM) system in my Home Lab environment to keep track of my assigned addresses across my various VLANs.  In looking for the right solution, I came across many different choices, from Infloblox to Microsoft’s very own IPAM feature within Microsoft Windows Server 2012 R2.  I read many articles, and kept seeing rave reviews and tons of praise about phpIPAM and that it was simple to install and get it running (at least that’s how it’s advertised).  I went to the phpIPAM website to lookup more information and noticed they have an installation guide available.  Upon observing it, I quickly became disappointed at the lack of detailed instructions to actually deploy it on a system.  I guess they assume everyone has adequate knowledge of Linux operating systems, but myself personally, I’m still pretty novice at Linux and am looking to become more proficient with it.  I figured this is a good opportunity to get some hands-on Linux experience since I already knew how to, at the ver least, install an OS!  

So like any normal “noob” at this, I started consulting “Mr. Google” searching for easy to follow guides on installing phpIPAM and stumbled across one that made it all look very simple (I will share all links at the end of this post).  I spun up an Ubuntu VM and followed the guide precisely, step-by-step, and was disappointed when I could not access the phpIPAM installation web page.  After more searching, I stumbled on even more articles and each one used different methods to get it to work properly.  I thought to myself, “there has to be an easier way to get this working right?”  

So after countless hours of trial and error, taking little tid-bits from several references, I managed to finally get phpIPAM successfully deployed and working on Ubuntu 16.04.  At this point, I figured it would be a great idea to document my installation steps so that I can share my experience with all of you and hope that this guide will be of some value.  Let’s get to it!

Prerequisites:

  • Ubuntu Server 16.04 64-bit
    • Linux, Apache, MySQL, PHP (LAMP) configuration
      • apache2
      • MariaDB (MySQL replacement) or MySQL
      • php7.0 + modules
        • libapache2-mod-php7.0
        • php7.0-cli
        • php7.0-curl (optional)
        • php7.0-gmp
        • php7.0-json
        • php7.0-ldap
        • php7.0-mcrypt (optional, for phpmyadmin)
        • php7.0-mysql
        • php7.0-xml
      • php-pear
      • php-apcu (to speed-up php)
      • phpmyadmin (optional)
        • php-mbstring
        • php-gettext
  • phpIPAM 
  • Web Browser

For the purposes of this guide, I will not cover the actual OS installation steps and am confident that you can easily get an OS installed and running.

I will first configure the server with a LAMP configuration.  I began with a “vanilla” or shall I say “minimal” installation of Ubuntu Server 16.04 64-bit and I will be running all of the commands as the root user.  Having had Linux installed and my server ready means that the “L” part of the “LAMP” configuration is already done.  FYI – features that define a LAMP configuration and be installed in any order.

 2016-05-08_14-04-29

Log in with your local account then enter:

sudo su

 2016-05-08_14-07-02

First, I updated apt-get by running:

apt-get update

 2016-05-08_14-24-48

Once completed, we will move on to the “M” phase of the configuration and install the MySQL database.  I chose to use MariaDB instead of MySQL as I’ve read there are many performance improvements over MySQL.

To install MariaDB, run the following:

apt-get -y install mariadb-server mariadb-client wget

 2016-05-08_14-32-37

When the components have finished installing, we can set a root password for MariaDB by entering the following:

mysql_secure_installation

2016-05-08_14-36-52

You will then be asked the following series of questions:

  • Enter current password for root (enter for none): <– press enter
  • Set root password? [Y/n] <– y
  • New password: <– Enter the new MariaDB root password here
  • Re-enter new password: <– Repeat the password
  • Remove anonymous users? [Y/n] <– y
  • Disallow root login remotely? [Y/n] <– y
  • Remove test database and access to it? [Y/n] <–y
  • Reload privilege tables now? [Y/n] <– y

Next, test the login to MariaDB by entering the following:

mysql -u root -p

Enter the root users password that you previously configured.  If successful, you should see a screen similar to this:

2016-05-08_14-41-05

To exit MariaDB, type quit and press Enter

 

Now, I have just completed the “M” phase of our LAMP configuration and can move on to the “A” phase and install Apache2.

To install apache2, simply run the following command:

apt-get -y install apache2

2016-05-08_14-45-15

When that has finished, test apache to make sure it works by opening a web browser and browse to the VM’s IP or FQDN (http://ipaddress or http://FQDN).  I will use Google Chrome and access it via hostname (FQDN) since I’ve created the DNS record already.

2016-05-08_14-51-32

Success!  This now completes the “A” phase of the LAMP configuration and I can now move on to the final “P” phase by installing PHP7.0

I will begin by simply installing php7.0 and the Apache2 php module.  To do this, enter the following:

apt-get -y install php7.0 libapache2-mod-php7.0

 

2016-05-08_14-57-02

When that finishes, restart apache by running:

systemctl restart apache2

To test that PHP7.0 installed successfully, I will make an info.php file in the web server directory by running the following:

vim /var/www/html/info.php

2016-05-08_15-03-21

You can also use nano instead of vi or vim.  Then I add the following lines by first pressing “I” for “Insert

<?php
phpinfo();
?>

2016-05-08_15-07-54

Save the file by pressing “esc” followed by “Shift :” then type the letters “wq” and press Enter.  Next, run the following command to change ownership of the file:

chown www-data:www-data /var/www/html/info.php

2016-05-08_15-08-42

Now, I can test to ensure PHP is running under Apache2 by opening a web browser and navigating to the IP or FQDN /info.php link (http://ipaddress/info.php or http://FQDN/info.php).  If successful, you should see a page like this.

2016-05-08_15-11-57

Perfect!  Now I will add some additional php modules that will be needed for phpIPAM to work along with some others to add support for MariaDB.  I’ll start with the following command to list the available php7.0 modules.

apt-cache search php7.0

I’ll then install the necessary php modules that are needed by phpIPAM to add support for the database (MariaDB) by entering the following (some of them may have already been installed via php 7.0 installation earlier) :

apt-get -y install php7.0-cli php7.0-curl php7.0-gmp php7.0-json php7.0-ldap php7.0-mcrypt php7.0-mysql php7.0-xml php-pear

2016-05-08_15-24-36

Restart apache2 by running:

systemctl restart apache2

Point your web browser to the /info.php page again and reload it.  If all is well, you should see the new modules installed along with “mysqli“.  Now I know that MariaDB is supported in my php 7.0 installation

2016-05-08_15-28-47

At this point, I have finished the “P” phase in the LAMP configuration and can move on to installing phpIPAM.  But before doing that, I want to add a few extra modules to my PHP configuration to make it run faster via APCU, and to add support for PHPMyAdmin and SSL.

Start by entering the following to speed up PHP

apt-get -y install php-apcu

Then restart apache2 with

systemctl restart apache2

2016-05-08_15-34-20

If you want to ensure it’s installed and running, again load the /info.php site in your web browser and look for the following

2016-05-08_15-34-44

If you’d like, and for security concerns, you can delete the info.php at this time by running 

rm -f /var/www/html/info.php

Now, I am going to enable SSL so that I have (https://) access to my web server as well.  Do this by running the following:

a2enmod ssl
a2ensite default-ssl

Then restart apache2 again with

systemctl restart apache2

2016-05-08_15-39-22

Test it by launching your apache web server link in your web browser using (https://ipaddress or https://FQDN)

2016-05-08_15-41-262016-05-08_15-41-53

The last thing to officially complete my “P” phase of my LAMP configuration is to install phpMyAdmin to allow me to manage my database easily from a web browser.  To install, enter:

apt-get -y install phpmyadmin php-mbstring php-gettext

2016-05-08_15-44-27

You will be presented with the following screen.  Select the “apache2” option by pressing the “space bar” on the highlighted object, and press Enter.

 2016-05-08_15-46-14

Next, you will be presented with this screen.  Select “Yes” and press Enter.

 2016-05-08_15-48-01

On this next screen, just press Enter as a random password will be generated for the phpmyadmin account

 2016-05-08_15-49-29

Next, I need to explicitly enable “crypt” and “mbstring” or the web page will not load properly.  Do this by running the following:

phpenmod mcrypt
phpenmod mbstring

Then, restart apache 2 again with:

systemctl restart apache2

2016-05-08_15-55-34

And the final command to finish the installation is to run the following:

echo "update user set plugin='' where User='root'; flush privileges;" | mysql --defaults-file=/etc/mysql/debian.cnf mysql

2016-05-08_15-57-37

Test phpMyAdmin by navigating to the web server /phpmyadmin page (http(s)://ipaddress/phpmyadmin or http(s)://FQDN/phpmyadmin).  The login is root and the database password you created earlier.

2016-05-08_16-00-27

Excellent!  Now, my LAMP configuration is complete and I can start with the phpIPAM configurations and installation.

Since I’ve already installed all of the required modules, the next thing to do is download the phpipam file and then extracting it to the web servers directory (/var/www/html).  Start by changing over to the /tmp directory

cd /tmp

Next, download phpipam.  I am using the latest version which, at the time of this writing, is phpipam-1.2.1.tar

wget https://sourceforge.net/projects/phpipam/files/phpipam-1.2.1.tar

2016-05-08_16-10-20 2016-05-08_16-10-48

Extract the file to the web server directory:

tar -xvf phpipam-1.2.1.tar -C /var/www/html

2016-05-08_16-19-56

The files have been extracted to a new folder at /var/www/html/phpipam.  Now we need to edit the config.php file in that directory.  But there is no such file so we have to create it by copying the default config.dist.php file to config.php.  Do this by running:

cp /var/www/html/phpipam/config.dist.php /var/www/html/phpipam/config.php

2016-05-08_16-20-12

Now we can edit this file with vim, vi, or nano:

vim /var/www/html/phpipam/config.php

2016-05-08_16-21-03

By default, the file will look like this and I will need to change the following selections:

2016-05-08_16-22-09 2016-05-08_16-22-56

I will make the following changes before saving and exiting the file:

2016-05-08_16-25-16 2016-05-08_16-25-53

Since I have defined the ‘BASE’, it also explicitly said to change this in the .htaccess file.  To open and edit this file, enter:

vim /var/www/html/phpipam/.htaccess

2016-05-08_16-29-01

By default, the file looks like this and I will be changing the following line

2016-05-08_16-29-18

To look like this before saving and exiting the file:

2016-05-08_16-30-03

Next, I will edit the default apache web file (000-default.conf) by entering:

vim /etc/apache2/sites-available/000-default.conf

2016-05-08_16-35-38

By default it looks like this:

2016-05-08_16-35-55

I will be adding the following lines before saving and exiting the file.  This will also allow you enable “Prettify Links” while using an HTTP connection.

<Directory "/var/www/html">
     Options FollowSymLinks
     AllowOverride all
     Require all granted
     Order allow,deny
     Allow from all
</Directory>

If you would like to enable “Prettify Links” while using an HTTPS connection, you need to edit the default apache https web file (default-ssl.conf) by entering:

vim /etc/apache2/sites-available/default-ssl.conf

Look for the same “Directory” area as in the previous step (scroll about halfway down).  By default it will look like this:

Change the entry to the following:

<Directory "/var/www/html">
     Options FollowSymLinks
     AllowOverride all
     Require all granted
     Order allow,deny
     Allow from all
     SSLOptions +StdEnvVars
</Directory>

Now I have to restart the apache2 service again but before doing so, I need to enable “mod_rewrite” by first entering the following and then restarting apache2 as described earlier:

a2enmod rewrite

systemctl restart apache2

2016-05-08_16-40-41

If all is successful, you can now open your web browser and navigate to your web server’s /phpipam URL (http(s)://ipaddress/phpipam or http(s)://FQDN/phpipam) and be presented with the following:

2016-05-08_16-42-29

This is awesome!!  Now, I can select “Automatic database installation“, enter the “root” username and password and click “Install phpipam database

2016-05-08_16-44-07

After a few brief moments, you should see the “Database installed successfully” and you can press “Continue” to log in.

2016-05-08_16-45-56

Enter a password to set the “Admin Password” then click “Save Settings

2016-05-08_16-47-47

After another brief few seconds, you will see a “Settings updated, installation complete!” message and you can click “Proceed to login

2016-05-08_16-49-08

At this point, you will be presented with the phpipam login screen, where you can enter “Admin” and the password you’ve created for the account, then begin configuring your subnets, etc within the dashboard!  I will not go over the configurations in this post as I still need to poke around it a bit, but I’m sure you will find it pretty easy and self-explanatory.

2016-05-08_16-51-32 2016-05-08_16-51-54

Well, that is it!  I hope that you’ve all found this guide to be useful and I welcome any feedback.  Please feel free to rate this post above and share!

**Update**

  • If you would like to check the status by running a ping check, resolve IP addresses, and add the ability to automatically scan for new hosts to automatically add to phpIPAM every 15 minutes, you must add the following cronjob…
crontab -e

Then enter the following at the end of the file…

*/15 * * * * /usr/bin/php -c /etc/php/7.0/cli/php.ini /var/www/html/phpipam/functions/scripts/pingCheck.php

*/15 * * * * /usr/bin/php -c /etc/php/7.0/cli/php.ini /var/www/html/phpipam/functions/scripts/resolveIPaddresses.php

*/15 * * * * /usr/bin/php -c /etc/php/7.0/cli/php.ini /var/www/html/phpipam/functions/scripts/discoveryCheck.php

(Optional)

Instead of running a Discovery Check at the specified 15-minute interval, I also added a rule to do a check every day at 11 AM (see code below).  Please note that I currently have the rule disabled by adding a “#” at the beginning of the line, but if I ever do decide to use that instead of the 15-minute check, I can remove the hashtag and place it in front of the 15-minute check rule.

0 11 * * * /usr/bin/php -c /etc/php/7.0/cli/php.ini /var/www/html/phpipam/functions/scripts/discoveryCheck.php

  • If you’d like to force phpIPAM to always use HTTPS, edit the .htaccess file again:
vim /var/www/html/phpipam/.htaccess

Enter the following:

RewriteCond %{HTTPS} !=on

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Cheers!

-virtualex-

Ping backs:

Creating a Single-Node VSAN

| 02/05/2016 | Tags: , ,

Creating a Single-Node VSAN

 

Many of us homelab enthusiasts tend to build “whitebox” systems from spare PC parts and a few internal hard drives for local storage that we’ve either ordered or had laying around in order install ESXi and run a single-node lab environment.  VMware Virtual SAN (VSAN) enables the ability to build a local SAN environment utilizing the local hard drives in the host.  The only downside/caveat is that you need a minimum of (3) ESXi hosts in a cluster to enable and configure VSAN.  Bummer!  

Well, thanks to some very smart people in the community, there is a way to create a VSAN on your single-node host!  

Keep in mind that this is not supported by VMware and is recommended for testing purposes only and should not be done in a production environment so use at your own risk.

I will mention that this topic has been covered by other bloggers (one of my favorites, William Lam, and a few others…) in the community but for my own knowledge and sharing, I decided to write this post detailing how I configured this in my environment.

Below, I will show you how to configure a hybrid and an all-flash VSAN on your ESXi host.  Again, I remind you that running a single-node VSAN is not supported by VMware and you run the risk losing all your data in the event of a disaster scenario (system crash, etc.)  Please be sure to understand the risks when deciding to use this in your own home lab.

Prerequisites:

  • (1) vCenter Server (Windows-based or VCSA)
  • (1)ESXi host in a cluster
  • (1) vmk for VSAN Traffic
  • (1) SSD for Caching Tier
  • (1) SSD for Capacity Tier (All-Flash configuration)…or…
  • (1) HDD for Capacity Tier (Hybrid Configuration)
  • SSH access to Host

For simplicity’s sake, I will be using a VCSA and ESXi VM deployed in VMware Workstation 12.1.1 Pro on Windows 10 for this demonstration.

1 2

Be sure that you have connected your ESXi host to your vCenter Server and have added it to a cluster, you do not need to enable VSAN on the cluster yet.  Add an additional vmk to your vSwitch for VSAN traffic.  Also ensure you have started the SSH service on the ESXi host.

Open an SSH session to your ESXi Host.  If you’ve added a vmk for VSAN but have not enabled it for VSAN traffic yet, enter the following command.

esxcli vsan network ipv4 add -i vmkN

(Where “N” is the number of your vmk port – ie: vmk1)

In my environment, I already created a VSAN vmk and enabled it for VSAN traffic so I was able to skip the command above.

3

Using the vSphere Web Client or C# client, verify the hard drive that you want to use for your VSAN datastore.  I will be using these drives, the 30GB will be my cache disk and the 120GB will be the capacity disk.

4 5

Back in your SSH session, enter the following command to determine and confirm the eligibility of the disks intended for use to create your VSAN.

vdq -q

6

Next, enter the following command to get the current default VSAN policy.

esxcli vsan policy getdefault

7

We will need to change the current policy by running the following commands.

esxcli vsan policy setdefault -c cluster -p "((\"hostFailuresToTolerate\" i0) (\"forceProvisioning\" i1) (\"stripeWidth\" i1))"
esxcli vsan policy setdefault -c vdisk -p "((\"hostFailuresToTolerate\" i0) (\"forceProvisioning\" i1) (\"stripeWidth\" i1))"
esxcli vsan policy setdefault -c vmnamespace -p "((\"hostFailuresToTolerate\" i0) (\"forceProvisioning\" i1) (\"stripeWidth\" i1))"
esxcli vsan policy setdefault -c vmswap -p "((\"hostFailuresToTolerate\" i0) (\"forceProvisioning\" i1) (\"stripeWidth\" i1))"

8

Run this command again to confirm that the policy has been changed.

esxcli vsan policy getdefault

9

Run the following command to create a new VSAN cluster

esxcli vsan cluster new

10

Now, since my disks are all SSD, I am creating an All-Flash VSAN configuration.  I need to run the following command to tag the capacity SSD as the data disk.  The “-d” represents the “capacity disk” and you need to specify the identifier of the disk to tag.  You can simply copy the identifier number directly from the ESXi hosts storage devices section in Web Client/C# Client, or from the SSH session where we ran the “vdq -q” command.  

Note – If you are deploying a Hybrid VSAN, this command is not needed so you can skip to the next command to add the “cache & capacity” disks to your VSAN.

esxcli vsan storage tag add -d <disk identifier> -t capacityFlash

11

If you’d like to confirm that the disk has been tagged for “capacityFlash” simply run the “vdq -q” command again and check the disk.

12

Next, run the following command to add both your disks (cache & capacity) to your VSAN storage volume.  The “-s” represents the SSD “cache disk”, and the “-d” represents the “capacity disk”.  Be sure to enter the correct identifier number for the respective disks.

esxcli vsan storage add -s <disk identifier> -d <disk identifier>

13

 Run the following command to show the VSAN cluster info.

esxcli vsan cluster get

14

Run the following command to list the VSAN storage

esxcli vsan storage list

15

Congratulations, if everything has been followed correctly, you should now have created a single-node VSAN datastore!

16 17

But we are not quite finished just yet.  Even though I can see the VSAN datastore, I still want to officially enable VSAN on the cluster in vCenter.  Do the following…

18 19 20

In my environment, I have an extra disk in my host, but I do not want to claim this as part of my VSAN.  So, from the drop-down menu, I selected “Do not claim” and hit Next then Finish. 

21 22

Now I can see that VSAN is “Turned On” and can see the disks that are associated with the Disk Group.

23 24

But, there’s still a bit more to be done for me to be able to provision VMs on this datastore.  I need to edit the VSAN VM Storage Policy.  Personally, I prefer to leave the default policies intact and instead create a new policy for my single-node datastore.  I will show both editings of the default policy, for those who do not want to bother with creating a new policy, as well as creating a new policy.  First, let’s check the VASA storage provider and ensure it has been synchronized so that we can edit/create our VSAN Storage policy.

25 26

 

Editing Virtual SAN Default Storage Policy

27

Here we need to simply change:

  • Number of failures to tolerate = 0 (Default is 1)
  • Force provisioning = Yes (Default is No)

28

 

Creating a new Virtual SAN Storage Policy

30

Give it a Name and a Description then hit Next.  

29

Select VSAN from the “Rules based on data services” drop-down, then add all the rules from the drop-down and configure the same settings mentioned above, then hit Next and Finish.

  • Number of failures to tolerate = 0 (Default is 1)
  • Force provisioning = Yes (Default is No)

31 32

And, there you have it!  A fully functional Single-Node VSAN to provision VMs on.  You still have to add a VSAN license, but that will not be covered here as you should already be familiar with the licensing process.

33

 

The Finishing touches

The following optimizations commands are optional but highly recommended for better performance and stability in your VSAN environment.

Since this is a homelab, the disks I used may not be on the official VMware HCL and can potentially impact the performance of the lab environment.  Corman Hogan wrote a great blog and included a tip on how to disable VSAN device monitoring.  Open an SSH session to your host again and run the following command.

esxcli system settings advanced set -o /LSOM/VSANDeviceMonitoring -i 0

To confirm that the command was successful, run the following command.  It should return a value of “0” as the default value is “1”.

esxcfg-advcfg -g /LSOM/VSANDeviceMonitoring

34

Cormac Hogan also wrote another great post about the new “Sparse VM Swap Object”.  ESXi 6.0 Update 2 (aka 6.2) brings a new setting in VSAN 6.2 which allows VSAN to provision a VM swap object as thin instead of thick, where thick has historically been the default.  So if you’d like to disable thick provisioning and use thin, run the following command.

esxcli system settings advanced set -o /VSAN/SwapThickProvisionDisabled -i 1

To confirm, run the following command.  It should return a value of “1” as the default value is “0”.

esxcfg-advcfg -g /VSAN/SwapThickProvisionDisabled

35

And last, but definitely not least, if you intend on running any Nested ESXi VMs on your newly created VSAN, be sure to run the following command to prevent any errors when trying to create SCSI disks for your ESXi VM.  This will enable an advanced ESXi setting that will “fake” SCSI reservations.  William Lam has a nice post about this here.

esxcli system settings advanced set -o /VSAN/FakeSCSIReservations -i 1

And to confirm it took, run the following command.  It should return a value of “1” as the default value is “0”.

esxcfg-advcfg -g /VSAN/FakeSCSIReservations

36

That’s all folks!  I hope that you’ve found this post to be of use to you and I hope you come back for more content.  Feel free to comment, share, and subscribe!

Giving credit where it is due, shout out to William Lam and Cormac Hogan!

 

-virtualex-