2018年1月9日 星期二

Cacti For CentOS 7.4 架設網路監控系統


應該超過10多年之久了吧!Cacti終於在去年從0.8x的版本躍升至V1.0以上的版本,實在讓人感到興奮,這也說明了在監控的技術領域來說發展遲緩,那麼這個跨世代的版本究竟帶來了哪些變化呢?詳細可以參考官方的Release Notes,就我個人感受有以下幾點:



1. 新的網頁版型對於手機顯示有較好的相容性
2. 支援php7以上版本(較好的服務效率)
3. 支援MySQL5.6以上版本
4. 整合了過往一些好用的plugins
5. 以Data profile來提供不同的Polling頻率與RRAs的儲存方式,便於Data source的套用
6. 部分內建template的資料紀錄更準確(例如早期某些客戶端作業系統下的數據和cpu usage的圖表數值不相同)

不過在安裝上的難度不小,許多人都有撞牆的經驗,以下將分享我在CentOS 7.4x64桌面版本下安裝Cacti 1.1.30版本的過程記錄。

※註:2018-1017新增帳戶無法 access MySQL Timezone database解決辦法與讓Cacti支援中文辦法(確定本篇安裝方法可支援至Cacti 1.1.38版本)。




MariaDB的安裝

由於CentOS7.4系統預設的yum安裝版本是5.5,不符合Cacti的需求,因此新增一個MariaDB的repository用以安裝MariaDB 10.0
[root@centos74 ~]# nano /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.0 CentOS repository list – created 2014-10-13 13:04 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos7-amd64
gpgkey =https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
安裝mariadb、啟動mariadb並設置為開機預設啟動
[root@centos74 ~]# yum install -y MariaDB-server MariaDB-client MariaDB-devel
[root@centos74 ~]# systemctl start mysql
[root@centos74 ~]# systemctl enable mysql
如果你出現以下紅字錯誤則改用以下方式設置開機啟動
[root@centos74 ~]# systemctl enable mysql
mysql.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig mysql on

[root@centos74 ~]# /sbin/chkconfig mysql on
初始化MariaDB
[root@centos74 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 直接按Enter跳過
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] 按Y設定MySQL的root密碼
New password: 輸入新密碼
Re-enter new password: 再次輸入確認新密碼
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 按Y移除anonymous users
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 按Y禁止root從遠端登入MySQL
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 按Y移除預設建立好的test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 按Y重新載入資料表權限
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
為cacti建立一個資料庫並將使用權限連結給帳號cactiuser的用戶
[root@centos74 ~]# mysql -uroot -p

MariaDB [(none)]> create database cacti;
MariaDB [(none)]> grant all on cacti.* to cactiuser@localhost identified by "cactiuser";
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Bye!
解決時區問題 ERROR: Your MySQL TimeZone database is not populated
[root@centos74 ~]# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql -p
解決ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database.
[root@centos74 ~]# mysul -uroot -p cacit

MariaDB[(cacti)]>GRANT SELECT ON mysql.time_zone_name TO cactiuser@localhost IDENTIFIED BY 'cactiuser';
MariaDB[(cacti)]>exit
Bye! 
讓cacti支援中文(support UTF8)
[root@centos74 ~]# mysul -uroot -p cacit

MariaDB[(cacti)]>ALTER DATABASE cacti CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB[(cacti)]>exit
Bye! 
優化MariaDB設定檔
[root@centos74 ~]# nano /etc/my.cnf.d/server.cnf
找到[server]區塊,並與其後加入以下參數設定值
character_set_server = utf8mb4
collation-server = utf8mb4_unicode_ci
max_heap_table_size = 256M
max_allowed_packet = 16777216
tmp_table_size = 64M
join_buffer_size = 64M
innodb_file_per_table = ON
innodb_buffer_pool_size = 1024M
innodb_doublewrite = OFF
innodb_additional_mem_pool_size = 96M
innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads =16
重啟mysql服務讓設定檔生效
[root@centos74 ~]# systemctl restart mysql



Cacti所需套件安裝

安裝畫圖工具、snmp相關工具與gcc編譯相關工具
[root@centos74 ~]# yum install rrdtool rrdtool-devel rrdtool-perl net-snmp net-snmp-devel openssl-devel net-snmp-utils
[root@centos74 ~]# yum install dos2unix autoconf automake libtool help2man
下載並編譯Cacti的poller工具spine
[root@centos74 ~]# wget https://www.cacti.net/downloads/spine/cacti-spine-1.1.30.tar.gz
[root@centos74 ~]# tar zxvf cacti-spine-1.1.30.tar.gz
[root@centos74 ~]# cd cacti-spine-1.1.30/
[root@centos74 ~]# ./bootstrap
[root@centos74 ~]# ./configure --prefix=/usr/local/spine
[root@centos74 ~]# make && make install
[root@centos74 ~]# cd /usr/local/spine/etc/
[root@centos74 ~]# cp spine.conf.dist spine.conf




Apache與php的安裝設定

安裝apache網站伺服器服務
[root@centos74 ~]# yum install httpd -y
安裝php 7.1套件
[root@centos74 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@centos74 ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@centos74 ~]# yum -y install php71w php71w-devel php71w-mysqlnd php71w-xml php71w-mbstring php71w-posix php71w-ldap php71w-snmp php71w-gd
優化php設定檔
[root@centos74 ~]# nano /etc/php.ini
找到以下參數並修正其數值如下
data.timezone = Asia/Taipei
upload_max_filesize = 20M
post_max_size = 100M
memeory_limit = 256M
啟動apache服務並設置為開機預設啟動
[root@centos74 ~]# systemctl start httpd
[root@centos74 ~]# systemctl enable httpd



下載Cacti並進行相關系統配置

前往官網下載Cacti軟體並解壓縮、搬遷至apache預設網頁目錄
[root@centos74 ~]# wget https://www.cacti.net/downloads/cacti-1.1.30.tar.gz
[root@centos74 ~]# tar zxvf cacti-1.1.30.tar.gz
[root@centos74 ~]# mv cacti-1.1.30 /var/www/html/cacti
替apache設定好相關目錄權限
[root@centos74 ~]# cd /var/www/html
[root@centos74 ~]# chown -R apache:apache cacti
[root@centos74 ~]# chown root:apache /var/lib/php/session
將Cacti預設資料庫結構匯入MariaDB
[root@centos74 ~]# mysql -uroot -p -A cacti <  /var/www/html/cacti/cacti.sql
將poller寫入crontab排程,Cacti的cmd.php預設每五分鐘擷取一次客戶端資料
[root@centos74 ~]# nano /etc/crontab
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

*/5 * * * * root /usr/bin/php /var/www/html/cacti/poller.php > /dev/null 2>&1
系統防火牆與SELinux放行
[root@centos74 ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@centos74 ~]# firewall-cmd --permanent --zone=public --add-service=https
[root@centos74 ~]# firewall-cmd --permanent --zone=public --add-port=161/udp
[root@centos74 ~]# firewall-cmd --reload
[root@centos74 ~]# setenforce 0
讓SELinux disable永久生效
[root@centos74 ~]# nano /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted




圖形化介面安裝Cacti

開啟瀏覽器連接http://你的IP/cacti

安裝引導精靈確認你的系統配置是否合乎Cacti安裝需求




確認無誤後按下一步

Cacti新功能是可以將Poller與監控伺服器的角色分離,這邊確認安裝主要監控伺服器(其中已包含Poller),也確認好資料庫的連線資訊無誤後按下一步

檢查確認主要的執行檔是否存在,注意一下spine的位置可能需要修改

RRDTool依照yum安裝的版本選定即可 

檢查目錄權限是否符合Cacti的需求

勾選安裝所有template至Cacti

終於安裝完畢啦!輸入預設帳密admin/admin

然後Cacti會要求你設定一組新的密碼,需要符合密碼原則,8個字元以上、英文大小寫加上特殊字元才能通過,這邊先應付了事,我們事後可以再進入Cacti去取消密碼原則。

狂賀!歷經千辛萬苦終於進入主畫面惹

來到左方Settings→Authentication 按照以下設定取消密碼原則,再按右下方save離開

接著去Users→General 修改admin的密碼(可以不符合密碼原則了)

修改Poller為spine

相對於cmd.php直譯式的Poller,spine是以C語言編譯,效率更好,若需要頻繁的監控大量客戶端主機來說,會是最佳選擇。 




待續
下一篇我們將會針對如何監控客戶端主機做解說,敬請期待!

4 則留言:

  1. Hello I have problem when i do the installation

    with following error after apply mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root mysql -p do you have any idea for it

    thanks a lot

    Warning: Unable to load '/usr/share/zoneinfo/leapseconds' as time zone. Skipping it.
    Warning: Unable to load '/usr/share/zoneinfo/tzdata.zi' as time zone. Skipping it.

    回覆刪除
    回覆
    1. sorry, I dont have any idea, maybe you can refer to https://stackoverflow.com/questions/18216198/unable-to-load-timezones

      刪除
  2. Hi 我照你的方式作了一次 但無法出圖 會出現 錯誤圖的訊息為
    /bin/rrdtool symbol lookup error /lib64/libpango-1.0.so.0 undefined symbol g_log_structured_standard

    回覆刪除
    回覆
    1. 應該不是新機安裝? Try to update ur glib2 package

      刪除