forked from Cacti/cacti
Testing Environment: CentOS
Mark Brugnoli-Vinten edited this page Jan 17, 2019
·
17 revisions
This page documents the process for installation of Cacti 1.x on CentOS Versions 6.9 and 7.5
It follows the conventions documented in the Test Environments: Before You Start
hostname _ssh_host_
echo "_ssh_host_" > /etc/hostname
system-network-config
yum install -y screen git
useradd _ssh_user_
passwd _ssh_user_
echo "_ssh_user_ ALL=(ALL) ALL" > /etc/sudoers.d/_ssh_user_
Note: Do NOT use a filename with a fullstop in it as sudo will ignore these by default
Create the authorized_keys file with the appropriate SSH keys
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
If you have predefined keys you wish to insert, simply edit the ~/.ssh/authorized_keys file
Package selection may be overkill but to ensure they are definitely installed.
yum install -y httpd mod_sql openssl mysql mysql-server php php-mysql php-xml php-mbstring php-cli php-common php-pdo php-gd
yum install -y centos-release-SCL && yum install -y php54 php54-php php54-php-gd php54-php-mbstring php54-php-mysqlnd php54-php-snmp php54-php-ldap
yum install -y net-snmp net-snmp-utils rrdtool
chkconfig httpd on
chkconfig mysqld on
mkdir -p /var/log/cacti \
/var/www/html/cacti/site \
/var/www/html/cacti/develop \
/var//www/html/cacti/feature \
/etc/pki/tls/cacti/
Run the following as _ssh_user_
sudo su - _ssh_user_
cd /var/www/html/cacti
git clone https://github.com/netniv/cacti/ site
cd site/
git remote add upstream https://github.com/cacti/cacti/ && git fetch --all
cd ../
cp -Rv site develop
cp -Rv site feature
cd /var/www/html/cacti/develop && git branch develop --set-upstream upstream/develop && git checkout develop
cd /var/www/html/cacti/feature && git branch feature/1.2.x --set-upstream upstream/feature/1.2.x && git checkout feature/1.2.x
Run the following as root
chown _ssh_user_:apache -Rv /var/www/html/cacti/
chmod u+rw,g+r,g-w,a+r -Rv /var/www/html/cacti
chmod u+rw,g+rw,a+r -Rv \
/var/www/html/cacti/site/log \
/var/www/html/cacti/feature/log \
/var/www/html/cacti/develop/log \
/var/www/html/cacti/site/rra \
/var/www/html/cacti/feature/rra \
/var/www/html/cacti/develop/rra \
/var/www/html/cacti/site/resource/ \
/var/www/html/cacti/feature/resource/ \
/var/www/html/cacti/develop/resource/
cd /var/www/html/cacti/site/ && git checkout release/_cacti_version_
cd /var/www/html/cacti/develop && git branch develop --set-upstream upstream/develop && git checkout develop
cd /var/www/html/cacti/feature && git branch feature/1.2.x --set-upstream upstream/feature/1.2.x && git checkout
cd /etc/pki/tls/cacti/
openssl req -new -sha256 -nodes -out _cacti_host_.csr -newkey rsa:2048 -keyout _cacti_host_.key -config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
C = GB
ST = Alive
L = The World
O = netniV
OU = CentOS6
emailAddress = netniv@hotmail.com
CN = _cacti_host_
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = develop._cacti_host_
DNS.2 = feature._cacti_host_
EOF
)
openssl x509 -req -days 1825 -in _cacti_host_.csr -signkey _cacti_host_.key -out _cacti_host_.crt
echo "NameVirtualHost *:443
NamevirtualHost *:80
SSLStrictSNIVHostCheck on
<VirtualHost *:443>
ErrorLog /var/log/cacti/site-error.log
TransferLog /var/log/cacti/site-access.log
CustomLog /var/log/cacti/site/site-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/pki/tls/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /var/www/html/cacti>
AllowOverride All
</Directory>
DocumentRoot /var/www/html/cacti
ServerName _cacti_host_
</VirtualHost>
<VirtualHost *:443>
ErrorLog /var/log/cacti/develop-error.log
TransferLog /var/log/cacti/site/develop-access.log
CustomLog /var/log/cacti/site/develop-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/pki/tls/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /var/www/html/cacti>
AllowOverride All
</Directory>
DocumentRoot /var/www/html/cacti
ServerName _cacti_host_
</VirtualHost>
<VirtualHost *:443>
ErrorLog /var/log/cacti/feature-error.log
TransferLog /var/log/cacti/site/feature-access.log
CustomLog /var/log/cacti/site/feature-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/pki/tls/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /var/www/html/cacti>
AllowOverride All
</Directory>
DocumentRoot /var/www/html/cacti
ServerName _cacti_host_
</VirtualHost>
" > /etc/httpd/conf.d/cacti.conf
iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
service iptables save
(echo "" && echo "# Include custom SQL configurations" && echo '!includedir /etc/mysql/conf.d/') >> my.cnf
rm /var/lib/mysql/ib_logfile{0,1}
sudo -u mysql mysqld --skip-grant-tables &
mysql_upgrade
mkdir -p /etc/mysql/conf.d/
echo "[mysqld]
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
max_allowed_packet=18M
max_heap_table_size=98M
tmp_table_size=64M
join_buffer_size=64M
innodb_buffer_pool_size=488M
innodb_doublewrite=OFF
innodb_flush_log_at_timeout=3
innodb_read_io_threads=32
innodb_write_io_threads=16
default_time_zone='+00:00'
" > /etc/mysql/conf.d/cacti.cnf
service mysqld restart
cacti_sql=`mktemp -t XXXXXXXXXXXX -u`
echo "use mysql;
create database if not exists cacti_site;
create database if not exists cacti_feature;
create database if not exists cacti_develop;
use cacti_site;
source /var/www/html/cacti/site/cacti.sql;
use cacti_feature;
source /var/www/html/cacti/feature/cacti.sql;
use cacti_develop;
source /var/www/html/cacti/develop/cacti.sql;
" > $cacti_sql;
cacti_pw_site=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
cacti_pw_develop=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
cacti_pw_feature=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
echo "
GRANT ALL PRIVILEGES ON cacti_site.* TO 'cacti_site'@'localhost' IDENTIFIED BY '$cacti_pw_site';
GRANT ALL PRIVILEGES ON cacti_develop.* TO 'cacti_develop'@'localhost' IDENTIFIED BY '$cacti_pw_develop';
GRANT ALL PRIVILEGES ON cacti_feature.* TO 'cacti_feature'@'localhost' IDENTIFIED BY '$cacti_pw_feature';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_site'@'localhost';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_develop'@'localhost';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_feature'@'localhost';
FLUSH PRIVILEGES
" >> $cacti_sql
cat /var/www/html/cacti/site/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_site\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_site\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_site\2/g" > /var/www/html/cacti/site/include/config.php
cat /var/www/html/cacti/develop/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_develop\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_develop\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_develop\2/g" > /var/www/html/cacti/develop/include/config.php
cat /var/www/html/cacti/feature/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_feature\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_feature\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_feature\2/g" > /var/www/html/cacti/feature/include/config.php
mysql -u root -p < $cacti_sql
mysql -u root -p < /usr/share/mysql/mysql_test_data_timezone.sql;
sed -i "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /var/www/html/cacti/site/include/config.php
sed -i "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /var/www/html/cacti/develop/include/config.php
sed -i "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /var/www/html/cacti/feature/include/config.php
mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php53-php.off
sed -i "s/^[; ]*date\.timezone[ ]*=.*$/date.timezone = Europe\/London/gm" /etc/php.ini
sed -i "s/^[; ]*date\.timezone[ ]*=.*$/date.timezone = Europe\/London/gm" /opt/rh/php54/root/etc/php.ini
service httpd restart
wget https://dev.mysql.com/get/mysql57-community-release-el6-11.noarch.rpm
yum localinstall mysql57-community-release-el6-11.noarch.rpm
hostname _ssh_host_
echo "_ssh_host_" > /etc/hostname
nmtui
yum install -y screen git
useradd _ssh_user_
passwd _ssh_user_
echo "_ssh_user_ ALL=(ALL) ALL" > /etc/sudoers.d/_ssh_user_
Note: Do NOT use a filename with a fullstop in it as sudo will ignore these by default
Create the authorized_keys file with the appropriate SSH keys
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
If you have predefined keys you wish to insert, simply edit the ~/.ssh/authorized_keys file
Package selection may be overkill but to ensure they are definitely installed.
yum install -y httpd mod_ssl openssl mariadb-server mariadb php php-mysql php-xml php-mbstring php-gd php-cli php-common php-pdo php-posix php-ldap net-snmp net-snmp-utils rrdtool policycoreutils-python
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation
systemctl enable httpd
systemctl restart httpd
mkdir -p /var/log/cacti \
/usr/share/cacti/site \
/usr/share/cacti/develop \
/usr/share/cacti/feature \
/etc/pki/tls/cacti/
ln -s /usr/share/cacti /var/www/html/cacti
cd /usr/share/cacti
git clone https://github.com/cacti/cacti/ site
If you are using your own repo change the URL above and then add an upstream using:
cd site/
git remote add upstream https://github.com/cacti/cacti/ && git fetch --all
cd ../Create development and feature branch sites (use git checkout to change the branch to what you want)
mkdir develop
mkdir feature
cp -Rv site/. develop
cp -Rv site/. featureRun the following as root
chown _ssh_user_:apache -Rv /usr/share/cacti
chmod u+rw,g+r,g-w,a+r -Rv /usr/share/cacti
find /usr/share/cacti -maxdepth 1 -type d -exec chmod u+rw,g+rw,a+r -Rv {}/{log,rra,resource,scripts,cache}/ \;
semanage fcontext -a -t httpd_sys_content_t "/usr/share/cacti(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/cacti/(.*)/((log|rra|resource|scripts|cache)(/.*)?)"
semanage fcontext -a -t httpd_sys_content_t "/usr/share/cacti/.*/.htaccess"
restorecon -R -v /usr/share/cacti
The following are the different ways you can checkout various branches/tags
cd /var/www/html/cacti/site/ && git checkout release/_cacti_version_
cd /var/www/html/cacti/develop && git branch develop --set-upstream upstream/develop && git checkout develop
cd /var/www/html/cacti/feature && git branch feature/1.2.x --set-upstream upstream/feature/1.2.x && git checkout
cd /etc/pki/tls/cacti/
openssl req -new -sha256 -nodes -out _cacti_host_.csr -newkey rsa:2048 -keyout _cacti_host_.key -config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
C = GB
ST = Alive
L = The World
O = netniV
OU = CentOS6
emailAddress = netniv@hotmail.com
CN = _cacti_host_
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = develop._cacti_host_
DNS.2 = feature._cacti_host_
EOF
)
openssl x509 -req -days 1825 -in _cacti_host_.csr -signkey _cacti_host_.key -out _cacti_host_.crt
cat > /etc/httpd/conf.d/cacti.conf <<EOF
NameVirtualHost *:443
NamevirtualHost *:80
SSLStrictSNIVHostCheck on
<VirtualHost *:443>
ErrorLog /var/log/cacti/site-error.log
TransferLog /var/log/cacti/site-access.log
CustomLog /var/log/cacti/site-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/pki/tls/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /usr/share/cacti/cacti/site>
AllowOverride All
</Directory>
DocumentRoot /user/share/cacti/site
ServerName _cacti_host_
</VirtualHost>
<VirtualHost *:443>
ErrorLog /var/log/cacti/develop-error.log
TransferLog /var/log/cacti/develop-access.log
CustomLog /var/log/cacti/develop-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/pki/tls/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /usr/share/cacti/develop>
AllowOverride All
</Directory>
DocumentRoot /usr/share/cacti/develop
ServerName _cacti_host_
</VirtualHost>
<VirtualHost *:443>
ErrorLog /var/log/cacti/feature-error.log
TransferLog /var/log/cacti/feature-access.log
CustomLog /var/log/cacti/feature-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/pki/tls/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/pki/tls/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /usr/share/cacti/feature>
AllowOverride All
</Directory>
DocumentRoot /usr/share/cacti/feature
ServerName _cacti_host_
</VirtualHost>
EOF
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
### Start/stopping safe-mode MariaDB
To enter safe mode:
```shell
systemctl stop mariadb
rm -f /var/lib/mysql/ib_logfile{0,1}
sudo -u mysql /usr/libexec/mysqld --skip-grant-tables &
Wait for the MariaDB version to appear.
When you want to return to normal service operation:
mysqladmin -u root -p shutdown
systemctl start mariadbFor upgrade issues, ensure MariaDB is in safe mode (see above):
mysql_upgradeTo reset root password, ensure that MariaDB is in safe mode (see above):
mysqlThis should take you straight in (or the above system stop did not work)
mysql> update mysql.user set Password=PASSWORD('your desired password') where user='root';If you still have issues, chech that there is a 'localhost' in the Host column for root. You may find changing the IPv6 local loopback to localhost helps:
mysql> update mysql.user set host = 'localhost' where host = '::1' and user='root';You need to insert a record otherwise.
Once all OK, flush the privileges (at this point passwords will be required again):
mysql> flush privilegs;
mysql> quitecho "[mysqld]
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
max_allowed_packet=18M
max_heap_table_size=98M
tmp_table_size=64M
join_buffer_size=64M
innodb_buffer_pool_size=488M
innodb_doublewrite=OFF
innodb_read_io_threads=32
innodb_write_io_threads=16
default_time_zone='+00:00'
" > /etc/my.cnf.d/cacti.cnf
systemctl restart mariadb
cacti_sql=`mktemp -t XXXXXXXXXXXX -u`
echo "use mysql;
create database if not exists cacti_site;
create database if not exists cacti_feature;
create database if not exists cacti_develop;
use cacti_site;
source /var/www/html/cacti/site/cacti.sql;
use cacti_feature;
source /var/www/html/cacti/feature/cacti.sql;
use cacti_develop;
source /var/www/html/cacti/develop/cacti.sql;
" > $cacti_sql;
cacti_pw_site=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
cacti_pw_develop=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
cacti_pw_feature=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
echo "
GRANT ALL PRIVILEGES ON cacti_site.* TO 'cacti_site'@'localhost' IDENTIFIED BY '$cacti_pw_site';
GRANT ALL PRIVILEGES ON cacti_develop.* TO 'cacti_develop'@'localhost' IDENTIFIED BY '$cacti_pw_develop';
GRANT ALL PRIVILEGES ON cacti_feature.* TO 'cacti_feature'@'localhost' IDENTIFIED BY '$cacti_pw_feature';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_site'@'localhost';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_develop'@'localhost';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_feature'@'localhost';
FLUSH PRIVILEGES
" >> $cacti_sql
cat /var/www/html/cacti/site/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_site\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_site\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_site\2/g" > /var/www/html/cacti/site/include/config.php
cat /var/www/html/cacti/develop/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_develop\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_develop\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_develop\2/g" > /var/www/html/cacti/develop/include/config.php
cat /var/www/html/cacti/feature/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_feature\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_feature\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_feature\2/g" > /var/www/html/cacti/feature/include/config.php
mysql -u root -p < $cacti_sql
mysql -u root -p < /usr/share/mysql/mysql_test_data_timezone.sql;
sed -i "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /var/www/html/cacti/site/include/config.php
sed -i "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /var/www/html/cacti/develop/include/config.php
sed -i "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /var/www/html/cacti/feature/include/config.php
sed -i "s/^[; ]*date\.timezone[ ]*=.*$/date.timezone = Europe\/London/gm" /etc/php.ini
service httpd restart
-
Testing Enviroments
OS Version Common Items Spine CentOS v 6 v 7 Fedora v 27 FreeBSD v 10.4 v 11.1 OpenSUSE Leaf v 42.3 Ubuntu v 18.04 v 17.10 v 16.04