Agenda: exercises-netdot.page

% Netdot exercise
% Network Management Topics

# Introduction

The Network Documentation Tool (Netdot) is an open source tool designed to 
help network administrators collect, organize and maintain network 
documentation. Netdot is actively developed at the University of Oregon.

## Goals

In these exercises we will install Netdot and demonstrate some of its most
important features. 

## Notes

* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") 
  imply that you are executing commands on remote equipment, or within 
  another program.

# Installation

## Package Dependencies

Some packages are available in Ubuntu. We'll install those first
(you will probably want to copy/paste the following):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo apt-get -y install apache2 libapache2-mod-perl2 rrdtool librrds-perl \
graphviz libmodule-build-perl libcgi-pm-perl libclass-dbi-perl \
libclass-dbi-abstractsearch-perl libapache2-request-perl libhtml-mason-perl \
libapache-session-perl liburi-perl libsql-translator-perl libsnmp-info-perl \
snmp-mibs-downloader libnetaddr-ip-perl liblog-dispatch-perl \
liblog-log4perl-perl libparallel-forkmanager-perl libauthen-radius-perl \
libtest-simple-perl libtime-local-perl libfile-spec-perl libnet-dns-perl  \
libcarp-assert-perl libdigest-sha-perl libssl-dev dnssec-tools \
libsocket6-perl libxml-simple-perl mysql-server libdbix-datasource-perl
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(If you had not installed mysql-server, you'll be asked for a DBA password.
Use the password that you used to log in to the PC).

Now we'll set up APT to look for the rest of the packages in NSRC's server.

Add the following file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd /etc/apt/sources.list.d
$ sudo EDITOR netdot.apt.nsrc.org.list

  Add these two lines:

deb http://netdot.apt.nsrc.org/ unstable/
deb-src http://netdot.apt.nsrc.org/ unstable/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(save and exit editor)

Now install the rest of the packages:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo apt-get update
$ sudo apt-get -y --force-yes install libapache2-authcookie-perl \
libapache2-sitecontrol-perl libnet-iptrie-perl libnet-irr-perl \
libnet-appliance-session-perl libbind-config-parser-perl 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Update the following file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo EDITOR /etc/snmp/snmp.conf
 
  comment out this line:

mibs:

  to that it becomes:

#mibs:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(save and exit) 

Download the latest Netdot package:

First check if it's available in your classroom's NOC server:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd /usr/local/src
$ sudo wget http://noc.ws.nsrc.org/downloads/netdot-latest.tar.gz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If not, try from the official site:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo wget --no-check-certificate \
https://netdot.uoregon.edu/pub/dists/netdot-0.9.10.tar.gz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Unpack the tarball:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo tar xzvf netdot-0.9.10.tar.gz
$ cd netdot-0.9.10.tar.gz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Verify that we have all the necessary dependencies:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ make testdeps
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Initialize the site configuration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo cp etc/Default.conf etc/Site.conf
$ sudo EDITOR etc/Site.conf

  Find and change the following values:

NETDOTNAME => 'pcX.ws.nsrc.org'
DB_DBA_PASSWORD => '(the password you used when installing mysql)',
DEFAULT_SNMPCOMMUNITIES  =>  ['NetManage', 'public'],
NMS_DEVICE => 'localhost',
DEFAULT_DNSDOMAIN  => 'ws.nsrc.org',
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install the application and initialize the database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo make install APACHEUSER=www-data APACHEGROUP=www-data
$ sudo make installdb
$ sudo ln -s /usr/local/netdot/etc/netdot_apache2_local.conf \
/etc/apache2/conf.d/
$ sudo service apache2 graceful
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install the cron jobs for automated tasks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo cp netdot.cron /etc/cron.d/netdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Operation

## Log into the web interface

In your browser, go to:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://pcX.ws.nsrc.org/netdot
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log in with admin/admin

## Changing default passwords

Netdot comes with three default user accounts. You should change the default
passwords on those. 

Go to the "Contacts" tab, then search for "Admin". You should see the details
for the Admin user. Click on [edit], and find the Password field. Type the
password you used to log in to your PC, then click on the "Update" button.

Repeat the same steps for the other default users:

* operator
* guest

## Discovering devices

If you have not done so yet, configure SNMP on your PC and your router.

Let's create a file with all the devices in the lab network that respond 
to SNMP:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$sudo EDITOR /home/sysadm/discoverme.txt

Copy and paste the following list:

gw.ws.nsrc.org NetManage
sw.ws.nsrc.org NetManage
rtr1.ws.nsrc.org NetManage
rtr2.ws.nsrc.org NetManage
rtr3.ws.nsrc.org NetManage
rtr4.ws.nsrc.org NetManage
rtr5.ws.nsrc.org NetManage
rtr6.ws.nsrc.org NetManage
pc1.ws.nsrc.org NetManage
pc2.ws.nsrc.org NetManage
pc3.ws.nsrc.org NetManage
pc4.ws.nsrc.org NetManage
pc5.ws.nsrc.org NetManage
pc6.ws.nsrc.org NetManage
pc7.ws.nsrc.org NetManage
pc8.ws.nsrc.org NetManage
pc9.ws.nsrc.org NetManage
pc10.ws.nsrc.org NetManage
pc11.ws.nsrc.org NetManage
pc12.ws.nsrc.org NetManage
pc13.ws.nsrc.org NetManage
pc14.ws.nsrc.org NetManage
pc15.ws.nsrc.org NetManage
pc16.ws.nsrc.org NetManage
pc17.ws.nsrc.org NetManage
pc18.ws.nsrc.org NetManage
pc19.ws.nsrc.org NetManage
pc20.ws.nsrc.org NetManage
pc21.ws.nsrc.org NetManage
pc22.ws.nsrc.org NetManage
pc23.ws.nsrc.org NetManage
pc24.ws.nsrc.org NetManage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now, tell Netdot to discover those devices:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd /usr/local/netdot
$ bin/updatedevices.pl -E /home/sysadm/discoverme.txt -IAF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go to the web interface and navigate to 

Management -> Devices

In the search box, type "*", and hit ENTER

You should see discovered devices in that list. Go to the link for your 
group's router (e.g. rtrX.ws.nsrc.org)

* Navigate to all the tabs: Basic, Interfaces, Modules, IP Info, etc.
* In the ARP section, you should see one entry with a timestamp.
  Click on that entry. You should see a table associating IP addresses
  and MAC addresses. This is the ARP table discovered from rtr1. You should
  see your PC's IP address and MAC address.

## Finding a computer in your network

* Obtain the MAC address from your laptop (or desktop). 
* In the Netdot web interface, go to Management -> Devices
* Type (or paste) your MAC address and hit ENTER

Netdot will show you which devices were seeing that MAC address the last
time that it discovered the network.

## Managing IP address space

Go to Management -> Address Space

You should see a list of private IP blocks (from RFC-1918). These come
pre-installed in Netdot. 

Click on 10.10.0.0/8

You will see a list of discovered IP blocks, which are marked as "Subnets".
These were found in routers. 

### Create a container to include all the group subnets

In the section called "Address Space Tasks" on top, click on the "[new]"
button and enter the following:

* IP/Prefix: 10.10.0.0/16
* Owner: click on [new]. 
* In the new "Entity" window, enter:
  * Name: NSRC Lab
  * Insert button, then [close]
* Used by: (leave blank)
* Status: Container
* Description: NSRC lab student networks
* Save button

You should now see the new Container page. It shows a graphical representation
of the /16 block. All the existing subnets are shown in red. The green space
represents unused or available address space.


# More information

[Official Netdot Website](http://netdot.uoregon.edu)