Why support may ask for your backup.nems file, and why you should never share it with others

During support sessions I often request either SSH access or a copy of the user’s backup.nems file. SSH access, it should be obvious, should not be shared with just anyone. Also, you should never, ever, ever, open SSH to the world on your NEMS server if you have not yet initialized it. This is because there are botnets that look for Raspberry Pi computers which use the default “raspberry” password, and then compromize them. Continue reading

Configuring email notifications in NEMS

A step-by-step guide to configuring Email Notifications on your NEMS Server. Continue reading

NEMS 1.2.1 Technical Information

The following is the technical information outline of NEMS (Nagios Enterprise Monitoring Server). Continue reading

NEMS Changelog Archive

This is the historical changelog. For the latest version of NEMS please visit baldnerd.com/nems
Continue reading

Backup your NEMS configuration files automatically

One of the worst things that can happen to your NEMS deployment is having your SD card fail. So keeping a current backup of your NEMS configuration is a smart idea.

Your NEMS Migrator snapshots are always accessible at http://NEMSIP/backup/ and will automatically generate and send a backup.nems file, which contains all the NEMS configuration settings, logs, data, etc. to allow an easy recovery by restoring to a new NEMS deployment.

Knowing this, it’s easy to add a NEMS backup to your daily backup script.

From your Linux server (where your backups run), simply add this to your backup task:

… where /backup/backup.nems is where you want it to output the download, NEMSIP is the actual internal IP address of your NEMS server and YOURUSER and YOURPASSWORD are those you set during nems-init. From there, I recommend you have your backup script run an rdiff-backup of your /backup folder (in this example) to allow for versioning.

Setting up NRPE on Windows for NEMS

Please Note: As of NEMS 1.2 NSClient++ is optional for monitoring of Windows computers (thanks to the addition of WMIC). If you’d like to use it, please follow the directions below.

  1. Grab the latest Windows client at https://www.nsclient.org/download/
  2. Install the client with the following settings:
    • Select to install the “Generic mode” NSClient++.
    • Choose “Complete installation” and if asked, choose to save config to ini file.
    • Under “Allowed Hosts” it should read 127.0.0.1,NEMSIP (where NEMSIP is the IP address of your NEMS server)
    • Clear the Password field for ease of deployment. NEMS sample scripts are setup to use NRPE without a password because I’m making the assumption that this is being deployed in a trusted LAN. If you do not blank the password here, you will have to edit all the scripts before NEMS will be able to communicate with this computer.
    • Enable all modules and change the NRPE mode to Legacy. NEMS uses Nagios 3.5.1 at present, and I suppose that’s technically “Legacy”. 🙂
    • Screen should look a little something like this:
      nsclient-setup
  3. Add your Windows host to NEMS. If you are using NEMS 1.1+ you can use the template “ourwinserver” in nconf. Just change the hostname and the IP address.

Please note: If you have a software firewall running on your Windows machine, setup an exception for your NEMS server IP to gain access through ports 5666 and 12489.

NEMS Migrator: Upgrade NEMS 1.0 or nagiospi to latest NEMS

Thanks for being an early-adopter! Whether you’re coming from NEMS 1.0 or its predecessor, nagiospi, I want to make it as easy as possible for you to get the latest and greatest, without having to reconfigure everything. It’s been exciting to see the NEMS project really catching on, and I endeavor to make it the best it can be. Your suggestions along the way have helped me focus on some great features for as NEMS continues to evolve.

NEMS 1.1+ has a nifty backup and export tool called NEMS Migrator. While it comes pre-packaged in 1.1+, I designed it specifically to run on legacy builds as well (NEMS 1.0 or nagiospi), giving you the opportunity to export your old configuration, deploy the latest version of NEMS, and then restore the configuration to NEMS. Easy peasy!

Here’s what you need to do:

Note: These instructions are for NEMS 1.0 or nagiospi only. Do not do this on NEMS 1.1+ as the tool is already built-in.

  1. SSH into your NEMS/nagiospi server.
  2. Become root: sudo su
  3. Update repository data. Type: apt-get update
  4. Install Git. Type: apt-get install git
  5. Install NEMS-Migrator in /tmp. Type:
    cd /tmp && git clone https://github.com/Cat5TV/nems-migrator
  6. Create the backup config on your NEMS/nagiospi system. Type:
    • If on NEMS 1.0: cd /tmp/nems-migrator && ./backup.sh
    • If on nagiospi: cd /tmp/nems-migrator && ./nagiospi2nems.sh
  7. Download the backup to your computer by opening it in your web browser. In your favorite web browser, simply add /backup/ to the end of your NEMS/nagiospi server address. Eg., http://10.0.0.5/backup/
  8. Now that you have your backup.nems file, follow the instructions here to restore your configuration to a new version of NEMS.

NEMS Migrator: Restore

The NEMS Migrator tool allows you to export/backup your NEMS configuration (backup.nems) as well as import a previous backup (through the Restore option).

The NEMS Migrator’s backup and restore options are great for keeping a safe backup without having to shutdown your NEMS server. Just download the file once in a while, or back it up automatically with your daily backup script.

NEMS Migrator is also helpful when upgrading from previous versions of NEMS, saving you having to reconfigure your NEMS deployment just to get the latest features.

Important Note
I am a firm believer in redundancy, and protecting your data. What I’d like you to do is, export your migration file, then install NEMS on a new MicroSD card. Then boot from that and restore your NEMS Migrator backup. Once you’ve confirmed everything worked well, you can deprecate the old one safely. However, if something went wrong, you can contact me to fix it for you, and continue running from the old SD card in the interim.

How to Restore a NEMS Migrator Backup
Requires NEMS 1.2+

  1. Place your backup.nems file on a USB flash drive. You can access this directly from your web browser at http://NEMSIP/backup/ where NEMSIP is the IP address of the NEMS server you wish to backup.
  2. Deploy the version of NEMS you wish to restore the backup to. Please heed my Important Note above.
  3. Boot the new NEMS deployment and mount the USB flash drive.
  4. Determine the location of backup.nems in relationship to your mountpoint. For example, if you mounted the USB flash drive on /mnt/flash you may determine the location to be /mnt/flash/backup.nems
  5. Armed with that information, run the following command (use the full path to your backup.nems file):
  6. Follow the prompts on screen to restore your configuration to the new NEMS deployment. If it fails for any reason, you can safely shut down and replace the SD card with your original deployment.

If you have any problems (or praise) please comment below.

Installing the Nagios NRPE Client Agent on Debian / Ubuntu

The Nagios Remote Plugin Executor (NRPE) allows your Nagios Enterprise Monitoring Server to communicate with the Linux machines on your server to determine things like free disk space, CPU load, and detect possible issues that a simple ping can’t determine.

There are countless instructions online to download tar.gz files and install manually, or use a PPA to install via apt-get, but you’ll be surprised to note the needed packages are in fact already in your Debian (and by proxy, Ubuntu) repositories.

To install the needed NRPE client on Debian / Ubuntu / other Debian-based Linux operating systems:

Don’t forget that you need to be root (Debian) or use sudo (Ubuntu).

Next, we just have to tell NRPE that it’s allowed to communicate with our Nagios server. On the client system, open the file /etc/nagios/nrpe.cfg

Find the line that reads: allowed_hosts=127.0.0.1

Now there are a few ways we can allow our server. First (and most obvious) is to add its IP address like this:

Where 192.168.0.5 is our Nagios/NEMS server.

Alternatively we can tell NRPE that it’s allowed to communicate with any local system:

Now, save the file and restart NRPE as follows:

And there we have it! Your Nagios/NEMS server should now be able to see your Linux machine.

Looking for a lightweight, affordable, easy-to-deploy enterprise monitoring server? Check out Nagios Enterprise Monitoring Server for Raspberry Pi 3!

Plex Media Server on a Raspberry Pi 3

I wanted to document the instructions shared on Episode 459 to supplement the episode.

On the show, Jeff and I demonstrated how to turn a Raspberry Pi 3 with Raspbian Jessie into a Plex Media Server, giving you the chance to stream your entire video and music library to all your devices.

I won’t get into the full details here, since this is only a supplement to give you some copy-and-paste instructions, but I’d encourage you to watch the video.

What You Need

  1. A Raspberry Pi 3 Micro Computer. Please consider purchasing it through our store to support what we do: https://cat5.tv/pi
  2. Raspbian Jessie – A free download from raspberrypi.org
  3. Obvious stuff like a good MicroSD card, Ethernet cable (preferred as opposed to wifi), keyboard and mouse… etc.

How to Do The Do

  1. In terminal, upgrade your distro to the latest and greatest.
  2. Reboot the Pi.
  3. Add the ability for apt to use https repositories.
  4. Add the Plex Media Server repository provided by Universität Leipzig.

    Add this line:
  5. Add the GPG key for the repository.
    This is the “easy” method (which didn’t work for us because my keyboard was in some weird mode with no pipe character):

    Alternate method (which I had to use on the show since I didn’t have a pipe character… I’ve cleaned it up a bit since the live show so it is cleaner since it was an unexpected twist and I kinda made it seem more confusing than it should):
  6. Update apt.
  7. Install Plex Media Server.
  8. Create the default config file so Plex knows what user to operate under.

    (Thanks to Steve for submitting this additional step)
  9. Reboot one final time.

And there you have it! All the commands we used to get Plex Media Server installed on a Raspberry Pi 3 in a nice clean blog post  🙂

From there, we plugged in the USB flash drive (don’t do it! Use a proper external hard drive–this was only a demonstration) and after it mounted we used the following command to see its /dev assignment:

Since our drive was /dev/sda1, and of the filesystem type “fat32” this is what I did to make it work as the media library for Plex Media Server:

and add the following line:

I then created the mountpoint:

and made it so it can only be written to if mounted:

and finally, mounted the drive:

From there, I could easily add folders on my external drive to Plex using the web interface, which you’ll find on Port 32400 in the /web subfolder on your Pi.

To get my IP address, I brought up the terminal on the Pi and typed:

That showed the IP address of my Pi under “Ethernet”… 192.168.0.105

So to open Plex in my browser, from my computer I entered:

The IP address will most likely be different for yours, and you might even want to set it up as a static IP. Easiest way to do that would be to use your router’s DHCP reservations to hard-set the Pi to something outside your DHCP pool. For me, that’d be 192.168.0.5 or something like that, since the pool seemingly starts at 100.

Good luck, and if you have any questions or comments, please leave them below. Don’t forget, if this has helped you out, or if you just love supporting nice guys who wanna keep giving knowledge for free, please head over to our Patreon page, or throw a bit in the tip jar. Thanks!