There is a full-automated script, that can be found here: https://gist.github.com/ZEROF/065b8708cbe3cd62d83d
The tutorial isn’t working for the latest nodewatch versions anymore but you can use the above script.
The guys from IT7 Networks Inc, who for instance run bandwagonhost (this blog is hosted on one of their servers btw), created a nice script to monitor openvz servers and automatically suspend them if some thresholds are reached.
You can fight abuse with this script and keep your nodes stable.
Unfortunately Nodewatch doesn’t work out of the box with Debian, but with some modifications you can get it running. That’s what I want to show you in the tutorial.
1. Register for a Nodewatch key:
At first you have to go to http://vpsantiabuse.com and register for a free Nodewatch key.
2. Installing Nodewatch:
Normally you would just download the nodewatch script and execute it, but the script is designed for CentOS.
We have to make some adjustments to the script to get it working properly:
Download the Nodewatch install-script and edit it:
cd /root wget http://deploy.vpsantiabuse.com/nodewatch-install.sh nano nodewatch-install.sh
In the first line of the script, you’ll find:
yum -y install zlib-devel bzip2-devel gcc openssl openssl-devel make
You’ll have to replace “yum” with “apt-get”, also there are no packages called zlib-devel, bzip2-devel and openssl-devel on Debian, the corresponding debian packages are zlib1g-dev, libbz2-dev and libssl-dev. To fix problems that arrise while installing the script, you should also install re2c, bison, openssl-dev* and flex + some other packages (thanks to ZEROF from LET).
In the end, the line looks like this:
apt-get -y install zlib1g-dev libbz2-dev gcc openssl openssl-dev* libssl-dev make re2c bison flex libltdl-dev libltdl7 libsslcommon2-dev libcurl4-openssl-dev libmcrypt-dev
Now gain execution rights and start the installation:
chmod u+x nodewatch-install.sh ./nodewatch-install.sh
The installation takes quiet some time, grab a coffee or a beer and sit back.
3. Configuring Nodewatch:
Let’s configure nodewatch now:
Add an admin e-mail and the license key you received via e-mail like this:
// e-mail address for alerts $admin_email = 'firstname.lastname@example.org'; // your license key, see http://vpsantiabuse.com/ $license_key = '3684c2f9562082580142b96db4ed5c
You can also configure thresholds in this file, but for this tutorial the default values are used.
By default, Nodewatch gets the VPS infos from /etc/sysconfig/vz-scripts/, this directory is different on Debian (it’s /etc/vz/conf/ on debian). The solution: Create a symlink to link the vm configuration directory to /etc/sysconfig/vz-scripts/.
mkdir /etc/sysconfig ln -s /etc/vz/conf /etc/sysconfig/vz-scripts
You have to do the same for the directory /vz/root. Nodewatch searches for server infos in this directory and it doesn’t exist, that’s why we you also have to create a symlink, pointing /var/lib/vz to /vz/root.
ln -s /var/lib/vz /vz
Now restart Nodewatch and it should run fine:
The following command should now show you stats for your VMs:
watch -n 1 cat /tmp/nodewatch_stats
Mentions: Thanks to Daniel from bandwagonhost/IT7 Networks Inc. for all the help that he provided regarding the installation of Nodewatch on Debian 7.