Step by step cacti server installation in centos 8

NMS, CRM, Hosting server, speedtest...
Post Reply
telco
Site Admin
Posts: 14
Joined: Mon Jul 13, 2020 11:19 pm

Step by step cacti server installation in centos 8

Post by telco »

########## Install first ##########

Code: Select all

yum install epel-release
yum install checkpolicy
yum install nano

########## Apache httpd : Install ##########
[1] Install httpd.

Code: Select all

[root@www ~]# dnf -y install httpd
# rename or remove welcome page
[root@www ~]# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.org

[2] Configure httpd. Replace Server name to your own environment.

Code: Select all

[root@www ~]# nano /etc/httpd/conf/httpd.conf

# line 89 : change to admin's email address
ServerAdmin root@srv.world

# line 98 : change to your server's name
ServerName www.telcoforum.com:80

# line 147 : change (remove [Indexes])
Options FollowSymLinks

# line 154 : change
AllowOverride All

# line 167 : add file name that it can access only with directory's name
DirectoryIndex index.html index.php index.cgi
# add follows to the end

# server's response header
ServerTokens Prod

[root@www ~]# systemctl enable --now httpd

[3] If Firewalld is running, allow HTTP service. HTTP uses 80/TCP.

Code: Select all

[root@www ~]# firewall-cmd --add-service=http --permanent
success
[root@www ~]# firewall-cmd --reload
success

########## Install PHP 7.4. ##########
[1] Confirm the current enabled version of PHP and Install it.

Code: Select all

[root@dlp ~]# dnf module list php
CentOS Stream 8 - AppStream
Name      Stream       Profiles                       Summary
php       7.2 [d]      common [d], devel, minimal     PHP scripting language
php       7.3 [e]      common [d], devel, minimal     PHP scripting language
php       7.4          common [d], devel, minimal     PHP scripting language
Hint: [d]efault, [e]nabled, [x]disabled, nstalled

# if other versions are enabled, reset once and switch to the version

Code: Select all

[root@dlp ~]# dnf module reset php
[root@dlp ~]# dnf module enable php:7.4
# specify PHP 7.4 and install

Code: Select all

[root@dlp ~]# dnf module -y install php:7.4/common
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Upgrading:
php-cli x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 3.1 M
php-common x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 696 k
php-fpm x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 1.6 M
php-json x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 74 k
php-mbstring x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 484 k
php-xml x86_64 7.4.6-4.module_el8.3.0+434+2ab5050a appstream 174 k
Installing module profiles:
php/common

Transaction Summary
================================================================================
Upgrade 6 Packages
.....
.....

Code: Select all

[root@dlp ~]# php -v
PHP 7.4.6 (cli) (built: May 12 2020 08:09:15) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
# verify to create test script

Code: Select all

[root@dlp ~]# echo "<?php echo 'PHP 7.4 Test Page'.\"\n\"; ?>" > php_test.php
[root@dlp ~]# php php_test.php
PHP 7.4 Test Page


########## Install MariaDB to configure Database Server. ##########

[1] Install MariaDB.

Code: Select all

[root@www ~]# dnf module -y install mariadb:10.3
[root@www ~]# nano /etc/my.cnf.d/charset.cnf
# create new
# set default charaset
# if not set, default is [latin1]
# for the case of 4 bytes UTF-8, specify [utf8mb4]

Code: Select all

[mysqld]
character-set-server = utf8mb4

[client]
default-character-set = utf8mb4

[root@www ~]# systemctl enable --now mariadb
[2] If Firewalld is running and also you allow to access MariaDB Server from remote Hosts, allow service. MariaDB uses [3306/TCP].

Code: Select all

[root@www ~]# firewall-cmd --add-service=mysql --permanent
success
[root@www ~]# firewall-cmd --reload
success

[3] Initial Settings for MariaDB.

Code: Select all

[root@www ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

# set root password

Code: Select all

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

# remove anonymous users
Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

# disallow root login remotely
Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

# remove test database
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

# reload privilege tables
Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

# connect to MariaDB with root

Code: Select all

[root@www ~]# mysql -u root -p
Enter password:     # password you set
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.11-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Code: Select all

show user list
MariaDB [(none)]> select user,host,password from mysql.user;
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| root | 127.0.0.1 | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| root | ::1 | *xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+------+-----------+-------------------------------------------+
3 rows in set (0.000 sec)

Code: Select all

show database list
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

# create test database

Code: Select all

MariaDB [(none)]> create database test_database; 
Query OK, 1 row affected (0.000 sec)
# create test table on test database

Code: Select all

MariaDB [(none)]> create table test_database.test_table (id int, name varchar(50), address varchar(50), primary key (id)); 
Query OK, 0 rows affected (0.108 sec)
# insert data to test table

Code: Select all

MariaDB [(none)]> insert into test_database.test_table(id, name, address) values("001", "CentOS", "Hiroshima"); 
Query OK, 1 row affected (0.036 sec)
# show test table

Code: Select all

MariaDB [(none)]> select * from test_database.test_table; 
+----+--------+-----------+
| id | name   | address   |
+----+--------+-----------+
|  1 | CentOS | Hiroshima |
+----+--------+-----------+
1 row in set (0.000 sec)
# delete test database

Code: Select all

MariaDB [(none)]> drop database test_database; 
Query OK, 1 row affected (0.111 sec)

MariaDB [(none)]> exit
Bye
########## Install Cacti and SNMP. ##########
Install Cacti and SNMP.


# install from EPEL

Code: Select all

[root@dlp ~]# dnf --enablerepo=epel -y install cacti net-snmp net-snmp-utils php-mysqlnd php-snmp php-bcmath rrdtool
Configure SNMP (Simple Network Management Protocol).

Code: Select all

[root@dlp ~]# nano /etc/snmp/snmpd.conf
# line 41 : comment out

Code: Select all

#com2sec notConfigUser  default       public
# line 74,75 : uncomment and change
# change [mynetwork] to your own network
# change comunity name except public, private (for security reason)
## sec.name source community

Code: Select all

com2sec local     localhost       Serverworld
com2sec mynetwork 10.0.0.0/24     Serverworld
# line 78,79 : uncomment and change
## group.name sec.model sec.name

Code: Select all

group MyRWGroup  v2c        local
group MyROGroup  v2c        mynetwork
# line 85 : uncomment

Code: Select all

##           incl/excl subtree                          mask
view all    included  .1                               80
# line 93,94 : uncomment and change

Code: Select all

##                context sec.model sec.level prefix read   write  notif
access MyROGroup ""      v2c       noauth    exact      all    none   none
access MyRWGroup ""      v2c       noauth    exact      all    all    all

Code: Select all

[root@dlp ~]# systemctl enable --now snmpd
# verify settings
# replace [Serverworld] to the comunity name you set

Code: Select all

[root@dlp ~]# snmpwalk -v2c -c Serverworld localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux dlp.srv.world 4.18.0-305.el8.x86_64 #1 SMP Tue May 18 14:52:12 UTC 2021 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1250) 0:00:12.50
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: dlp.srv.world
.....
.....

[6] Change MariaDB settings to Cacti required or recommended settings.

Code: Select all

[root@dlp ~]# nano /etc/my.cnf.d/mariadb-server.cnf
# add into [mysqld] section

Code: Select all

[mysqld]
.....
.....
default-time-zone='Asia/Karachi'
character-set-server=utf8mb4
character_set_client=utf8mb4
collation-server=utf8mb4_unicode_ci

max_heap_table_size=128M
tmp_table_size=128M
join_buffer_size=256M
innodb_file_format=Barracuda
innodb_large_prefix=1
innodb_buffer_pool_size=2048M
innodb_flush_log_at_timeout=3
innodb_read_io_threads=32
innodb_write_io_threads=16
innodb_buffer_pool_instances=17
innodb_io_capacity=5000
innodb_io_capacity_max=10000
# apply timezone setting

Code: Select all

[root@dlp ~]# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
Enter password:
Warning: Unable to load '/usr/share/zoneinfo/leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo/tzdata.zi' as time zone. Skipping it.
[root@dlp ~]# systemctl restart mariadb


Create a Database for Cacti and import tables.

Code: Select all

[root@dlp ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.3.28-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# create [Cacti] database
# replace [password] to any password

Code: Select all

MariaDB [(none)]> create database cacti; 
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on cacti.* to cacti@'localhost' identified by 'cactipassword'; 
Query OK, 0 rows affected (0.00 sec)
# add [select] right to [time_zone_name] table in [mysql] DB for Cacti requirements

Code: Select all

MariaDB [(none)]> grant select on mysql.time_zone_name to cacti@'localhost'; 

MariaDB [(none)]> flush privileges; 
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit 
Bye

Code: Select all

[root@dlp ~]# mysql -u cacti -p cacti < /usr/share/doc/cacti/cacti.sql
Enter password:   # cacti user password
If SELinux is enabled, change policy.

Code: Select all

[root@dlp ~]# setsebool -P httpd_can_network_connect on
[root@dlp ~]# setsebool -P httpd_unified on
[root@dlp ~]# setsebool -P domain_can_mmap_files on

Code: Select all

[root@dlp ~]# nano cacti-phpfpm.te
# create new

Code: Select all

module cacti-phpfpm 1.0;

require {
        type admin_home_t;
        type httpd_t;
        type httpd_log_t;
        class file { getattr map open read unlink write };
        class dir { remove_name };
}

#============= httpd_t ==============
allow httpd_t admin_home_t:file map;
allow httpd_t admin_home_t:file { getattr open read };
allow httpd_t httpd_log_t:dir remove_name;
allow httpd_t httpd_log_t:file { unlink write };

Code: Select all

[root@dlp ~]# checkmodule -m -M -o cacti-phpfpm.mod cacti-phpfpm.te
checkmodule: loading policy configuration from cacti-phpfpm.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 19) to cacti-phpfpm.mod
[root@dlp ~]# semodule_package --outfile cacti-phpfpm.pp --module cacti-phpfpm.mod
[root@dlp ~]# semodule -i cacti-phpfpm.pp
Configure Cacti and others.

Code: Select all

[root@dlp ~]# nano /etc/cron.d/cacti
# uncomment
*/5 * * * *     apache  /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Code: Select all

[root@dlp ~]# nano /usr/share/cacti/include/config.php
# line 29 : change to the connection info to MariaDB

Code: Select all

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cactipassword";
$database_port = "3306";
$database_ssl = false;

Code: Select all

[root@dlp ~]# nano /etc/php.ini
# line 388 : change to Cacti recommended

Code: Select all

max_execution_time = 60
# line 409 : change to Cacti recommended
memory_limit = 512M
# line 923 : set default timezone (replace to your own one)
date.timezone = Asia/Karachi
[root@dlp ~]# nano /etc/httpd/conf.d/cacti.conf
# line 17 : add access permission if you need
Require host localhost
Require ip 10.0.0.0/24

Code: Select all

[root@dlp ~]# systemctl restart httpd php-fpm


########## Spine installation ##########

Preinstall

Code: Select all

yum install cmake
yum install wget
yum install make
dnf --enablerepo=powertools install help2man
yum install -y gcc mysql-devel net-snmp-devel autoconf automake libtool dos2unix

Code: Select all

wget https://files.cacti.net/spine/cacti-spine-1.2.19.tar.gz
tar xfz cacti-spine-1.2.19.tar.gz

Code: Select all

cd cacti-spine-1.2.19

Code: Select all

./bootstrap
./configure
make
make install
chown root:root /usr/local/spine/bin/spine
chmod u+s /usr/local/spine/bin/spine

Code: Select all

mv /usr/local/spine/etc/spine.conf.dist /usr/local/spine/etc/spine.conf

Code: Select all

nano /usr/local/spine/etc/spine.conf
########## and update ##########

Code: Select all

DB_Host       localhost
DB_Database   cacti
DB_User       cacti
DB_Pass       cactipassword

Post Reply