I recently added some BIND servers to my SolarWinds Orion monitoring, and here are some notes to make it work.
Bind server running:
RHEL 9
Bind 9.16.23-RH
Agent Install
- Install the agent for RHEL (ignore this if you already have the agent)
- Configure the agent: service swiagentd init
- set option 2: orion poller
- set option 5: orion password
Note that the agent config can be automated by echoing a file into the command. Not ideal, but it works.
SSH key authentication for SAM to work
- make a key file: openssl genrsa -out certfile.key 4096 (this is needed to add to solarwinds credentials)
- export the pub: openssl rsa -in certfile.key -pubout -out certfile.pub (this is needed for each server)
- Add credentials to orion
- All settings->sam settings->certificate credentials library->Add new
- The name of the account you want to use: <samaccount>
- The private key goes in here
Configure for Bind (Linux - v9.6 and higher) SAM template
- Install perl on the bind server: dnf install perl -y
- Add a user for SAM to use: useradd -r -s /bin/bash -m -d /home/<samaccount> <samaccount>
- Make the .ssh dir: mkdir /home/<samaccount>/.ssh
- Set perms on the .ssh dir: chmod 700 /home/<samaccount>/.ssh
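- Next put the public key into the file /home/<samaccount>/.ssh/authorized_keys (sshd reads this file in the OpenSSH one-line format, not the PEM block written by openssl rsa -pubout; ssh-keygen -y -f certfile.key prints the key in that format)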
- Set perms on file: chmod 600 /home/<samaccount>/.ssh/authorized_keys
- Set owner of the dir: chown -R <samaccount>:<samaccount> /home/<samaccount>/.ssh
- Restore the SELinux context: restorecon -R -v /home/<samaccount>/.ssh/authorized_keys
- Add the <samaccount> account to the named group: usermod -aG named <samaccount>
Nothing groundbreaking so far.
Now the sort of dumb part
Problem 1:
What actually happens is that the Orion script tries to run “rndc stats” as the <samaccount> account and it can’t.
Problem 2:
The command “rndc stats” will append the output to the file every time it is run and output to a file that is defined in your /etc/named.conf “statistics-file”
This is what I did to solve these problems.
Make a cron job that runs every 5 minutes as root that first clears the stats file and then runs “rndc stats”. I also copy it to another location, i.e. /var/tmp/, and give permission for the <samaccount> to read it, but I don’t know if this is necessary and it was probably just done when troubleshooting.
I then went to the Orion template and edited the script for each of the sections to comment out the part where it tries to run the rndc stats command.
I also set the polling frequency to 360 (6 minutes)
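One way to write the root cron job described above, as an added example rather than the author's own script. The statistics-file path, the script path in the cron line, and the names STATS_FILE, COPY_DIR, SAM_GROUP, RNDC and refresh_bind_stats are assumptions.

```sh
#!/bin/sh
# Added example: root-run refresh of the BIND statistics dump for SAM to read.
# Assumed values (not from the original post); adjust to your hosts:
STATS_FILE="${STATS_FILE:-/var/named/data/named_stats.txt}" # must match statistics-file in /etc/named.conf
COPY_DIR="${COPY_DIR:-/var/tmp}"        # copy location mentioned in the post
SAM_GROUP="${SAM_GROUP:-samaccount}"    # placeholder for the <samaccount> group
RNDC="${RNDC:-rndc}"

refresh_bind_stats() {
    # Truncate in place: keeps the file's owner, mode and SELinux label,
    # and leaves exactly one dump in the file, since rndc stats only appends.
    : > "$STATS_FILE" || return 1
    "$RNDC" stats || return 1

    # COPY_DIR may be world-writable (/var/tmp is), so never write as root
    # to a predictable name there: build the copy under a random name and
    # rename it into place. rename() replaces a planted symlink instead of
    # following it, and readers never see a half-written file.
    tmp=$(mktemp "$COPY_DIR/.named_stats.XXXXXX") || return 1
    if cat "$STATS_FILE" > "$tmp" &&
       chgrp "$SAM_GROUP" "$tmp" &&
       chmod 640 "$tmp" &&
       mv -f "$tmp" "$COPY_DIR/named_stats.txt"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Hypothetical /etc/cron.d entry (script path is an assumption):
#   */5 * * * * root /usr/local/sbin/bind-stats-refresh.sh run
if [ "${1:-}" = "run" ]; then
    refresh_bind_stats
fi
```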
The main issue I have with this is that the stats are not going to be true stats. The cron writes the stats every 5 minutes. Orion picks them up every 6 minutes. The statistics are differences, so occasionally the difference will be 0 on the poll but get added to the next poll.
This is how I did it and it is collecting statistics.
I don’t know if this can be done by allowing the <samaccount> to sudo the command rndc stats and do the clearing of the file.
If anyone has any ideas on making this better let me know. I hope this helps someone.