forked from Cacti/cacti
-
Notifications
You must be signed in to change notification settings - Fork 0
Testing Environment: FreeBSD
Mark Brugnoli-Vinten edited this page Aug 23, 2018
·
6 revisions
This page documents the process for installation of Cacti 1.x on FreeBSD Versions 11.x and 10.x
It follows the conventions documented in the Test Environments: Before You Start
See rc.conf(5) for more information
Edit the /etc/hosts file using vi and replace the name with desired name:
sudo vi /etc/hostsSet hostname at command line for immediate pickup
sudo hostname new-name-here
Enable the network interface Edit /etc/rc.conf using vi and replace value of the hostname variable:
sudo vi /etc/rc.confAlso insert the following to enable the network card:
ifconfig_em0="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
sshd_enable="YES"Install the basic packages:
pkg install -y screen git sudo nano bash
ln -s /usr/local/bin/nano /usr/bin/nano
pw user add _ssh_user_ -s /bin/bash
passwd _ssh_user_
echo "_ssh_user_ ALL=(ALL) ALL" > /usr/local/etc/sudoers.d/_ssh_user_Note: Do NOT use a filename with a fullstop in it as sudo will ignore these by default
Create the authorized_keys file with the appropriate SSH keys
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
cat > .screenrc << EOF
startup_message off
altscreen on
msgwait 0
term xterm-256color
defscrollback 5000
termcapinfo xterm* ti@:te@
pushd $HOME/
bind R eval "source $HOME/.screenrc" "echo '.screenrc' reload"
bind \033 screen -t "Root Shell" 1 bash -c 'echo Logging in as root; sudo su'
hardstatus alwayslastline
hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%'
activity "%c activity -> %n%f %t^G"
EOFIf you have predefined keys you wish to insert, simply edit the ~/.ssh/authorized_keys file
Package selection may be overkill but to ensure they are definitely installed.
pkg install -y mod_php56 apache24 mysql57-server \
php56-mysql php56-mysqli php56-xml php56-ldap php56-gmp php56-mbstring \
php56-pdo php56-pdo_mysql php56-gd php56-snmp php56-session php56-zlib \
php56-simplexml php56-posix php56-sockets php56-openssl rrdtoolSet system flags in /etc/rc.conf
sysrc apache24_enable="yes"
sysrc mysql_enable=yes
sysrc snmpd_enable="yes"
sysrc snmpd_flags="-a"
sysrc snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
sysrc snmptrapd_enable="YES"
sysrc snmptrapd_flags="-a -p /var/run/snmptrapd.pid"Setup standard configuration files:
cp /usr/local/etc/php.ini-production /usr/local/etc/php.iniEnable bootloading of required modules for Apache
echo 'accf_http_load="YES"' >> /boot/loader.conf
echo 'accf_data_load="YES"' >> /boot/loader.conf
kldload accf_http
kldload accf_dataStart services
service apache24 start
service mysql-server startThe following commands are assumed to be running under the BASH shell
mkdir -p /etc/ssl/cacti/ \
/var/log/cacti/ \
/usr/share/cacti/{site,feature,develop}
chown -Rv _ssh_user_:_website_user_ /usr/share/cacti/Run the following as _ssh_user_
sudo su - _ssh_user_
cd /usr/share/cacti
git clone https://github.com/netniv/cacti/ site
cd site/
git remote add upstream https://github.com/cacti/cacti/ && git fetch --all
cd ../
cp -Rva site/. develop
cp -Rva site/. feature
cd /usr/share/cacti/develop && git branch develop --set-upstream-to upstream/develop && git checkout develop
cd /usr/share/cacti/feature && git branch develop --set-upstream-to upstream/develop && git checkout developRun the following as root
chown -Rv www:www \
/usr/share/cacti/{site,feature,develop}/resource \
/usr/share/cacti/{site,feature,develop}/scripts \
/usr/share/cacti/{site,feature,develop}/log \
/usr/share/cacti/{site,feature,develop}/cache \
/usr/share/cacti/{site,feature,develop}/rra
chmod -Rv u+rw,g+r,g-w,a+r /usr/share/cacti
chmod -Rv u+rw,g+rw,a+r \
/usr/share/cacti/{site,feature,develop}/log \
/usr/share/cacti/{site,feature,develop}/rra \
/usr/share/cacti/{site,feature,develop}/resource/cd /usr/share/cacti/site/ && git checkout release/_cacti_version_
cd /usr/share/cacti/develop && git branch develop --set-upstream upstream/develop && git checkout develop
cd /usr/share/cacti/feature && git branch feature/1.2.x --set-upstream upstream/<branch> && git checkout <branch>pkg install py27-acme
certbot certonly --webroot \
--webroot-path /usr/share/cacti/site -d _cacti_host_ \
--webroot-path /usr/share/cacti/feature -d feature._cacti_host_ \
--webroot-path /usr/share/cacti/develop -d develop._cacti_host_
mkdir -p /etc/ssl/cacti/
cd /etc/ssl/cacti/
ln -s /usr/local/etc/letsencrypt/live/_cacti_host_/cert.pem /etc/ssl/cacti/_cacti_host_.crt
ln -s /usr/local/etc/letsencrypt/live/_cacti_host_/privkey.pem /etc/ssl/cacti/_cacti_host_.keyecho 'Listen 443
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCacheTimeout 300
' > /usr/local/etc/apache24/modules.d/020_mod_ssl.conf
echo 'LoadModule ssl_module libexec/apache24/mod_ssl.so' > /usr/local/etc/apache24/Includes/000-ssl-enable.conf
echo '<IfModule dir_module>
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
</IfModule>
' > /usr/local/etc/apache24/Includes/000-php.conf
echo 'NameVirtualHost *:443
NamevirtualHost *:80' > /usr/local/etc/apache24/Includes/cacti-001-common.conf
echo '<VirtualHost *:443>
ErrorLog /var/log/cacti/site-error.log
TransferLog /var/log/cacti/site-access.log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/ssl/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/ssl/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /usr/share/cacti/site/>
AllowOverride All
</Directory>
DocumentRoot /usr/share/cacti/site/
ServerName _cacti_host_
</VirtualHost>' > /usr/local/etc/apache24/Includes/cacti-002-site.conf
echo '<VirtualHost *:443>
ErrorLog /var/log/cacti/develop-error.log
TransferLog /var/log/cacti/develop-access.log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/ssl/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/ssl/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /usr/share/cacti/develop>
AllowOverride All
</Directory>
DocumentRoot /usr/share/cacti/develop
ServerName develop._cacti_host_
</VirtualHost>' > /usr/local/etc/apache24/Includes/cacti-003-develop.conf
echo '<VirtualHost *:443>
ErrorLog /var/log/cacti/feature-error.log
TransferLog /var/log/cacti/feature-access.log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/ssl/cacti/_cacti_host_.crt
SSLCertificateKeyFile /etc/ssl/cacti/_cacti_host_.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /usr/share/cacti/feature>
AllowOverride All
</Directory>
DocumentRoot /usr/share/cacti/feature
ServerName feature._cacti_host_
</VirtualHost>' > /usr/local/etc/apache24/Includes/cacti-004-feature.conf
service apache24 restart
systemctl apache24 status
echo "[mysqld]
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
max_allowed_packet=18M
max_heap_table_size=98M
tmp_table_size=64M
join_buffer_size=64M
innodb_buffer_pool_size=488M
innodb_doublewrite=OFF
innodb_flush_log_at_timeout=3
innodb_read_io_threads=32
innodb_write_io_threads=16
default_time_zone='+00:00'
" > /etc/mysql/conf.d/cacti.cnf
systemctl restart mysql
cacti_sql=`mktemp -t XXXXXXXXXXXX -u`
echo "use mysql;
create database if not exists cacti_site;
create database if not exists cacti_feature;
create database if not exists cacti_develop;
use cacti_site;
source /usr/share/cacti/site/cacti.sql;
use cacti_feature;
source /usr/share/cacti/feature/cacti.sql;
use cacti_develop;
source /usr/share/cacti/develop/cacti.sql;
" > $cacti_sql;
cacti_pw_site=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
cacti_pw_develop=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
cacti_pw_feature=`mktemp -t XXXXXXXXXXXX -u | sed 's/\/tmp\///'`
echo "
GRANT ALL PRIVILEGES ON cacti_site.* TO 'cacti_site'@'localhost' IDENTIFIED BY '$cacti_pw_site';
GRANT ALL PRIVILEGES ON cacti_develop.* TO 'cacti_develop'@'localhost' IDENTIFIED BY '$cacti_pw_develop';
GRANT ALL PRIVILEGES ON cacti_feature.* TO 'cacti_feature'@'localhost' IDENTIFIED BY '$cacti_pw_feature';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_site'@'localhost';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_develop'@'localhost';
GRANT SELECT ON mysql.time_zone_name TO 'cacti_feature'@'localhost';
FLUSH PRIVILEGES
" >> $cacti_sql
cat /usr/share/cacti/site/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_site\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_site\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_site\2/g" > /usr/share/cacti/site/include/config.php
cat /usr/share/cacti/develop/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_develop\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_develop\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_develop\2/g" > /usr/share/cacti/develop/include/config.php
cat /usr/share/cacti/feature/include/config.php.dist | sed "s/^\(\\\$database_default.*=[ ']*\)cacti\([';]*$\)/\1cacti_feature\2/g"| sed "s/^\(\\\$database_username.*=[ ']*\)cactiuser\([';]*$\)/\1cacti_feature\2/g" | sed "s/^\(\\\$database_password.*=[ ']*\)cactiuser\([';]*$\)/\1$cacti_pw_feature\2/g" > /usr/share/cacti/feature/include/config.php
mysql -u root -p < $cacti_sql
mysql -u root -p mysql < /usr/local/share/mysql/mysql_test_data_timezone.sql;
Make the default url path be the root and set the PHP timezone.
sed -i '' "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /usr/share/cacti/site/include/config.php
sed -i '' "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /usr/share/cacti/develop/include/config.php
sed -i '' "s/^\(\\\$url_path.*=[ ']*\)\/cacti\/\([';]*$\)/\1\/\2/g" /usr/share/cacti/feature/include/config.php
sed -i '' "s/^[; ]*date\.timezone[ ]*=.*$/date.timezone = Europe\/London/g" /usr/local/etc/php.ini
systemctl restart apache2
echo "* * * * * _website_user_ /usr/bin/php --define suhosin.memory_limit=512M /usr/share/cacti/site/poller.php 2>&1 | if [ -f /usr/bin/ts ] ; then ts \"\\%Y-\\%m-\\%d \\%H:\\%M:\\%.S\" ; else cat ; fi >> /usr/share/cacti/site/log/poller.log" > /etc/cron.d/cacti-site
echo "* * * * * _website_user_ /usr/bin/php --define suhosin.memory_limit=512M /usr/share/cacti/develop/poller.php 2>&1 | if [ -f /usr/bin/ts ] ; then ts \"\\%Y-\\%m-\\%d \\%H:\\%M:\\%.S\" ; else cat ; fi >> /usr/share/cacti/develop/log/poller.log" > /etc/cron.d/cacti-develop
echo "* * * * * _website_user_ /usr/bin/php --define suhosin.memory_limit=512M /usr/share/cacti/feature/poller.php 2>&1 | if [ -f /usr/bin/ts ] ; then ts \"\\%Y-\\%m-\\%d \\%H:\\%M:\\%.S\" ; else cat ; fi >> /usr/share/cacti/feature/log/poller.log" > /etc/cron.d/cacti-feature
Some notes on the above are:
-
Ensure any percentage signs are escaped with a backslash as cron will by default assume a new line when seeing a percentage sign resulting in errors such as
/bin/sh: 1: Syntax error: Unterminated quoted string -
To utilise the timestamp mechanisms, you must install
moreutilsto have /usr/bin/tsapt install -y moreutils
-
Testing Enviroments
OS Version Common Items Spine CentOS v 6 v 7 Fedora v 27 FreeBSD v 10.4 v 11.1 OpenSUSE Leaf v 42.3 Ubuntu v 18.04 v 17.10 v 16.04