Install Pihole on Synology with docker

Unfortunately, there isn’t a pihole addon in the Synology package center. But you can build your pihole in a docker container instead 🙂

The reason you must use docker-compose instead of the Synology docker package itself is that you want to bridge net NIC of your Synology and place the pihole direct in your network. You cannot do this with the GUI.

The steps:

  • Install docker with the package center
  • Activate SSH
  • Download de image pihole/pihole:latest
  • Login with ssh
  • type vi docker-compose.yaml
  • Paste the content from the docker-compose.yaml example into the vi
  • Change the IP adressen to your own network
  • Type :wr to save the file
  • Type :q to quit vi
  • Type “sudo docker-compose up”
  • Have fun!

Docker-compose.yaml Example

# Note: 192.168.123.xxx is an example network, you must update all these to match your own.

version: '2'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole
    domainname: localhost             # <-- Update
    mac_address: d0:ca:ab:cd:ef:01
    cap_add:
      - NET_ADMIN
    networks:
      pihole_network:
        ipv4_address: 192.168.123.199   # <-- Update
    dns:
      - 127.0.0.1
      - 1.1.1.1
    ports:
      - 443/tcp
      - 53/tcp
      - 53/udp
      - 67/udp
      - 80/tcp
    environment:
      ServerIP: 192.168.123.199                 # <-- Update (match ipv4_address)
      VIRTUAL_HOST: pihole.localhost            # <-- Update (match hostname + domainname)
      WEBPASSWORD: "justarondompassword"        # <-- Add password (if required)
    restart: unless-stopped

networks:
  pihole_network:
    driver: macvlan
    driver_opts:
      parent: ovs_eth0
    ipam:
      config:
        - subnet: 192.168.123.0/24            # <-- Update
          gateway: 192.168.123.1              # <-- Update
          ip_range: 192.168.123.192/28        # <-- Update

When you want to update the docker container, all you have to do is:

sudo docker-compose down

and

sudo docker-compose up

A good article I used to figure everything out is: http://tonylawrence.com/posts/unix/synology/free-your-synology-ports/

Nagios xi remove host and services

Run each of the following scripts from:
/usr/local/nagiosxi/scripts
cd /usr/local/nagiosxi/scripts/
./nagiosql_delete_service.php –-config=LOC_MASShost_1
After the services have successfully been deleted, the host can be removed as well:
./nagiosql_delete_host.php –-host=LOC_MASShost_1
Once the host is removed, the new configuration can be applied and verified by running the reconfigure_nagios.sh
./reconfigure_nagios.sh

Zenoss reverse proxy with Pound (CentOS)

Zenoss don’t support SSL certificates out-of-the-box. If you want to use an SSL connection to your zenoss monitor server the only thing you can do is use an reverse proxy. You can use this howto to install and configure a pound reverse proxy.

Install pound with the EPEL

Install the EPEL (more info about EPEL) repository with these commands:

su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm'
yum update

Install pound

yum install pound

Install pound without the EPEL

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/Pound-2.6-2.el6.x86_64.rpm
rpm -ivh Pound-2.6-2.el6.x86_64.rpm

Configure Pound

I had a lot of trouble because I used a real SSL certificate immediately. The cause was I dropped the SSL cert in the wrong linux folder. Best practice is first create a selfsigned SSL, test pound and then replace the selfsigned with a real SSL certificate.

cd /etc/ssl && openssl req -x509 -newkey rsa:1024 -keyout local.server.pem -out local.server.pem -days 365 -nodes

Configure Pound

nano /etc/pound.cfg

Config file:

User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"
ListenHTTPS
Address 192.168.0.x
Port    443
Cert    "/etc/ssl/local.server.pem"
End
Service
BackEnd
Address 127.0.0.1
Port    8080
End
End

Now start the pound service

service pound start

Change the Zenoss config the handle the HTTPS traffic

nano /opt/zenoss/etc/zope.conf

Ad these 3 lines:

<cgi-environment>
HTTPS ON
</cgi-environment>

Restart zope

su - zenoss
restart zopectl

Replace the selfsigned SSL with a wildcard SSL (optional)

Create a PFX in windows. Tranfer the PFX to the Zenoss server and tranform the PFX to PEM (Linux certificate format). The command:

openssl pkcs12 -in validcertificate.pfx -out wilcard.domain.nl.pem -nodes

Now change the pound cert:

nano /etc/pound.cfg
ListenHTTPS
Address 192.168.0.x
Port    443
Cert    "/etc/ssl/wilcard.domain.nl.pem"
End

Restart the service

service pound restart

Source: Enabling SSL in Zenoss 4.2 – Open Source Network Monitoring and Systems Management

Zenoss: Performance issues with too many events

When you have too many events in your zenoss environment the zenoss webinterface will be very sloooooooow. And you get all kind of errors:

  • Script don’t respond
  • Connection refused. Check zeneventserver status on deamons
  • A zenoss error has occurred

When you start top you see alot of java executables when you click on the Infrastructure zenoss button. Java sometimes take 350% CPU.

java -Djetty.host=localhost -server -XX:+HeapDumpOnOutOfMemoryError -DZENOSS_COMMAND=zeneventserver -DZENHOME=/opt/zenoss -Djetty.home=/opt/zenoss -Djetty.logs=/opt/zenoss/log -Dlogback.configurationFile=/opt/zenoss/etc/zeneventserver/logback.xml -Xmx1024m -DZENOSS_DAEMON=y -jar /opt/zenoss/lib/jetty-start-7.5.3.v20111011.jar --config=/opt/zenoss/etc/zeneventserver/jetty/start.config --ini=/opt/zenoss/etc/zeneventserver/jetty/jetty.ini --pre=etc/zeneventserver/jetty/jetty-logging.xml

I’ve read a lot of zenoss documentation on the internet but didn’t   found a nice article to get rid of all the events. So here is an article how I fixed it.

Basic steps:

  1. Backup Zenoss
  2. Stop zenoss
  3. Create a new zeneventserver database
  4. Remove zeneventserver content
  5. Restore the zenoss backup
  6. Start zenoss
  7. Enjoy your fast zenoss 🙂

Detailed steps:

  • ssh zenoss host
  • Switch zenoss user

# su zenoss

  • Create backup:

$ /opt/zenoss/bin/zenbackup -v10

  • Stop Zenoss service

$ zenoss stop

  • edit  the zeneventserver script

nano /opt/zenoss/bin/zeneventserver-create-db

  • Search for root and add the root password

root-password

  • Run the script

$ zeneventserver-create-db --force --dbtype=mysql

  • Clear the zeneventserver folder

rm -rf $ZENHOME/var/zeneventserver/*

Now some tricky part. Zenoss change some MySQL passwords when you do a restore.  This result in a access denied for user [email protected] during a restore. There is a fix for this problem. Reset the [email protected]’localhost’ and [email protected]’%’ MySQL passwords before you do a restore.

First get the current mysql from the global.conf file (yellow). This password is the password you need for the restore.

$nano /opt/zenoss/etc/global.conf

global.conf

Tip: Too check the password (encrypted). You can do the same after you change the password:

$ mysql -uroot -p
mysql> select * from mysql.user;

mysql-encrypted

Now reset the password

SET PASSWORD FOR 'zenoss'@'localhost' = PASSWORD('BEagPxxxxxxxxxxxxxxx');
SET PASSWORD FOR 'zenoss'@'%' = PASSWORD('BEagPxxxxxxxxxxxxxxx');

When you check the permissions now you see another encryption:

$ mysql -uroot -p
mysql> select * from mysql.user;

(I don’t have an image example because this is an production enviroment)

Optional: To check the zenoss user permissions:

mysql> SELECT user, host, db, select_priv, insert_priv, grant_priv FROM mysql.db;

mysql-permissions

Optional: When you still have errors or the above rights ain’t good try these two MySQL scripts:

mysql> CREATE USER 'zenoss'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zenoss'@'localhost'
-> WITH GRANT OPTION;

mysql> CREATE USER 'zenoss'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zenoss'@'localhost'
-> WITH GRANT OPTION;

Ok, now everting is set do a restore. The -v stands for verbose and with the no-eventsdb you don’t restore all the events. That’s exactly what we want

zenrestore --file=/opt/zenoss/backups/zenbackup_2014013 -v --no-eventsdb

Now start zenoss

$zenoss start

That’s it.  Enjoy the performance and set some parameters that your events ain’t that big any more in the future.

Source: http://www.nickyeates.com/technology/zenoss/useful_commands_zenoss4
Source: http://community.zenoss.org/docs/DOC-3048

IPMonitor Mass-Edit Disk Space Monitors

  • Click edit > Mass Edit > Monitor Properties

ipmonitor - monitor properties

  • “Add” Monitors where “property” “Type” (Object Type) Matches regular  expression: “drive”
  • Replace “Minimum Threshold” by “Overwrite”.  Replace with: “10”

ipmonitor - mass edit

  • Click “Preview” to ensure the proper values are being changed.
  • Click “Next”

Nagios: exclude specific services

With Nagios services check you want include all windows services with status automatic. But some services like the .NET or windows installer services stop sometimes and your monitor turns red. If you want to exclude specific services add this config to the NSC.ini file:

alias_service=checkServiceState CheckAll  exclude=sppsvc exclude=someotherservice exclude=ShellHWDetection