Installing Sentinel Runtime
Objectives
-
Setting up a Horizon Sentinel running on one of the following Operating Systems
-
Secure access with encrypted passwords to the Karaf shell
-
Sentinel can be configured with the Karaf Shell from the server via
ssh admin@localhost -p 8301
-
Sentinel is running as user
sentinel
without root permissions
Requirements
-
Linux physical server or a virtual machine running a supported Linux operating system
-
Internet access to download the installation packages
-
Ensure DNS is configured, localhost and your servers host name is resolved properly
-
Horizon Core instance runs on latest stable release
-
Java installed OpenJDK 11
-
System user with administrative permissions (sudo) to perform the installation tasks NOTE: If you run Debian, you have to install and configure
sudo
yourself. A guide can be found in the Debian Wiki.
Time synchronization is a critical part of operating a monitoring system. Ensure you have a functional time synchronization process running with your operating system. If you are not familiar with this topic, the knowledgebase article Ensure time synchronization for your OpenNMS components is a good starting point. |
Installing the Sentinel package
sudo dnf -y install java-11-openjdk-headless
sudo dnf -y install https://yum.opennms.org/repofiles/opennms-repo-stable-rhel9.noarch.rpm
sudo rpm --import https://yum.opennms.org/OPENNMS-GPG-KEY
sudo dnf -y install opennms-sentinel
Disable the OpenNMS Horizon repository after installation to prevent unwanted upgrades when upgrading other packages on the server. After upgrading, Horizon requires manual steps to upgrade configuration files or migrate database schemas to a new version. For this reason, it is recommended to exclude the Horizon packages from updates except when you are planning on performing an upgrade. |
sudo dnf config-manager --disable opennms-repo-stable-*
sudo dnf -y install tree
tree /opt/sentinel -L 1
/opt/sentinel
├── bin
├── COPYING
├── deploy
├── etc
├── lib
└── system
sudo systemctl enable --now sentinel
sudo dnf -y install java-11-openjdk-headless
sudo dnf -y install https://yum.opennms.org/repofiles/opennms-repo-stable-rhel8.noarch.rpm
sudo rpm --import https://yum.opennms.org/OPENNMS-GPG-KEY
sudo dnf -y install opennms-sentinel
Disable the OpenNMS Horizon repository after installation to prevent unwanted upgrades when upgrading other packages on the server. After upgrade, Horizon requires manual steps to upgrade configuration files or migrate database schemas to a new version. For this reason, it is recommended to exclude the Horizon packages from update except when you are planning on performing an upgrade. |
sudo dnf config-manager --disable opennms-repo-stable-*
sudo dnf -y install tree
tree /opt/sentinel -L 1
/opt/sentinel
├── bin
├── COPYING
├── deploy
├── etc
├── lib
└── system
sudo systemctl enable --now sentinel
sudo yum -y install java-11-openjdk-headless
sudo yum -y install https://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm
sudo rpm --import https://yum.opennms.org/OPENNMS-GPG-KEY
sudo yum -y install opennms-sentinel
Disable the OpenNMS Horizon repository after installation to prevent unwanted upgrades when upgrading other packages on the server. After upgrade, Horizon requires manual steps to upgrade configuration files or migrate database schemas to a new version. For this reason, it is recommended to exclude the Horizon packages from update except when you are planning on performing an upgrade. |
sudo yum -y install yum-utils
sudo yum-config-manager --disable opennms-repo-stable-*
sudo yum -y install tree
tree /opt/sentinel -L 1
/opt/sentinel
├── bin
├── COPYING
├── deploy
├── etc
├── lib
└── system
sudo systemctl enable --now sentinel
curl -fsSL https://debian.opennms.org/OPENNMS-GPG-KEY | sudo gpg --dearmor -o /usr/share/keyrings/opennms.gpg
echo "deb [signed-by=/usr/share/keyrings/opennms.gpg] https://debian.opennms.org stable main" | sudo tee /etc/apt/sources.list.d/opennms.list
sudo apt update
You can safely ignore the message about conflicting distributions (expected stable but got opennms-xx). |
sudo apt -y install opennms-sentinel
Disable the OpenNMS Horizon repository after installation to prevent unwanted upgrades when upgrading other packages on the server. After upgrade, Horizon requires manual steps to upgrade configuration files or migrate database schemas to a new version. For this reason, it is recommended to exclude the Horizon packages from update except when you are planning on performing an upgrade. |
sudo apt-mark hold opennms-sentinel
sudo apt -y install tree
tree /usr/share/sentinel -L 1
/usr/share/sentinel
├── bin
├── data -> /var/lib/sentinel/data
├── deploy -> /var/lib/sentinel/deploy
├── etc -> /etc/sentinel
├── lib
└── system
sudo systemctl enable --now sentinel
sudo apt -y install curl gnupg ca-certificates
curl -fsSL https://debian.opennms.org/OPENNMS-GPG-KEY | sudo gpg --dearmor -o /usr/share/keyrings/opennms.gpg
echo "deb [signed-by=/usr/share/keyrings/opennms.gpg] https://debian.opennms.org stable main" | sudo tee /etc/apt/sources.list.d/opennms.list
sudo apt update
You can safely ignore the message about conflicting distributions (expected stable but got opennms-xx). |
sudo apt -y install opennms-sentinel
Disable the OpenNMS Horizon repository after installation to prevent unwanted upgrades when upgrading other packages on the server. After upgrade, Horizon requires manual steps to upgrade configuration files or migrate database schemas to a new version. For this reason, it is recommended to exclude the Horizon packages from update except when you are planning on performing an upgrade. |
sudo apt-mark hold opennms-sentinel
sudo apt -y install tree
tree /usr/share/sentinel -L 1
/usr/share/sentinel
├── bin
├── data -> /var/lib/sentinel/data
├── deploy -> /var/lib/sentinel/deploy
├── etc -> /etc/sentinel
├── lib
└── system
sudo systemctl enable --now sentinel
Secure Access to Karaf Shell
Change the default user/password admin/admin for the Karaf shell and encrypt it. |
sudo vi /opt/sentinel/etc/org.apache.karaf.jaas.cfg
#
# Boolean enabling / disabling encrypted passwords
#
encryption.enabled = true(1)
#...
encryption.algorithm = SHA-512(2)
1 | Enable password encryption from false to true |
2 | Set a secure encryption algorithm like SHA-512 |
As soon the file is saved, Karaf will immediately encrypt the password in users.properties
.
sudo vi /opt/sentinel/etc/users.properties
# All users, groups, and roles entered in this file are available after Karaf startup
# and modifiable via the JAAS command group. These users reside in a JAAS domain
# with the name "karaf".
#
# OPENNMS: Change the admin user from 'karaf' to 'admin'
admin = {CRYPT}C7AD...{CRYPT},_g_:admingroup(1)
1 | Replace the whole string {CRYPT}C7AD…{CRYPT} with your new password in plaintext.
As soon you save the file the password will be SHA-512 encrypted. |
sudo chmod 600 /opt/sentinel/etc/users.properties
sudo vi /usr/share/sentinel/etc/org.apache.karaf.jaas.cfg
#
# Boolean enabling / disabling encrypted passwords
#
encryption.enabled = true(1)
#...
encryption.algorithm = SHA-512(2)
1 | Enable password encryption from false to true |
2 | Set a secure encryption algorithm like SHA-512 |
As soon the file is saved, Karaf will immediately encrypt the password in users.properties
.
sudo vi /usr/share/sentinel/etc/users.properties
# All users, groups, and roles entered in this file are available after Karaf startup
# and modifiable via the JAAS command group. These users reside in a JAAS domain
# with the name "karaf".
#
# OPENNMS: Change the admin user from 'karaf' to 'admin'
admin = {CRYPT}C7AD...{CRYPT},_g_:admingroup(1)
1 | Replace the whole string {CRYPT}C7AD…{CRYPT} with your new password in plaintext.
As soon you save the file the password will be SHA-512 encrypted. |
sudo chmod 600 /usr/share/sentinel/etc/users.properties
Password or encryption algorithm changes happen immediately. It is not required to restart the Sentinel |
By default the Karaf Shell is restricted to 127.0.0.1.
If you want enable remote access, set sshHost=0.0.0.0 in org.apache.karaf.shell.cfg .
The change is applied immediately and a Sentinel restart is not required.
If you have a firewall running on your host, allow 8301/tcp to grant access to the Karaf Shell.
|
Set up flow processing
To set up flow processing with Sentinel, see scale flows data.