Инструменты пользователя
Боковая панель
freebsd:cacti
Установка
cd /usr/ports/net-mgmt/cacti make install clean
По завершению установки получаю.
Installing cacti-1.2.7...
===> Creating groups.
Creating group 'cacti' with gid '107'.
===> Creating users
Creating user 'cacti' with uid '107'.
Cacti is now installed. If you install it for the first time,
you may have to follow this steps to make it work correctly:
1. Create the MySQL database, a cacti user, and initialize:
a) CREATE DATABASE `cacti`;
b) Create a mysql user/password for cacti:
CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
c) Add GRANTS:
GRANT ALL ON `cacti`.* TO 'cacti'@'localhost';
GRANT SELECT ON `mysql`.`time_zone_name` TO 'cacti'@'localhost';
FLUSH PRIVILEGES;
d) Import the default cacti database:
mysql --database=cacti -ucacti -p < /usr/local/share/cacti/cacti.sql
If you haven't already imported your MySQL timezone data, you need to do this:
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
NOTE:
* Cacti does not LOCK TABLES.
2. Edit /usr/local/share/cacti/include/config.php from the template
config.php.orig.
PHP requires the time zone to be explicitly set rather that rely on
the system time zone, otherwise poller complains. I added the
following line to my config.php:
date_default_timezone_set('America/Los_Angeles');
3. Add the following line to cron for cacti:
*/5 * * * * /usr/local/bin/php /usr/local/share/cacti/poller.php > /dev/null 2>&1
4. Example Apache 2.4 configuration:
(This assumes that you have installed a working PHP Apache install, e.g. with mod_php)
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
DirectoryIndex index.php
DocumentRoot "/usr/local/share/cacti"
Alias /cacti "/usr/local/share/cacti/"
Alias /Cacti "/usr/local/share/cacti/"
<Directory "/usr/local/share/cacti">
Require all granted
AllowOverride None
Order Allow,deny
Allow from all
</Directory>
5. Open a Cacti login page in your web browser and follow the install instructions.
If you update cacti, open a login page and an updating process will
start automatically.
NOTEs as of 10Aug2014:
1) Cacti now better supports hier(7)
a) Cacti log files are now found under /var/log/cacti where you can
manage them using newsyslog.
b) Cacti RRD files are now found under /var/db/cacti/rra.
If you have an existing Cacti installation these paths are also
found in Cacti's SQL database and MUST be updated. These two SQL
commands should do the trick:
UPDATE settings SET value='/var/log/cacti/log' \
WHERE name='path_cactilog';
UPDATE poller_item SET rrd_path=\
REPLACE(rrd_path,'/usr/local/share/cacti/rra','/var/db/cacti/rra') \
WHERE rrd_path REGEXP '^/usr/local/share/cacti/rra';
2) The PERL paths in the Cacti PERL scripts have been updated to
/usr/local/bin.
Other Erratas:
1) Mount linprocfs in /compat/linux/proc will allow most scripts to work.
2) This package does not install a MySQL server in case you wish to use an
external MySQL server. Install a package such as mysql57-server if you
require a local server.
У меня MySQL и Cacti находятся на разных серверах. На сервере с MySQL создаю базу данных cacti. Создаю пользователя cacti и разрешаю ему управлять созданной базой данных. Настраиваю удалённый доступ к MySQL.
mysql -u root -p Enter password: SHOW databases; +--------------------+ | Database | +--------------------+ | information_schema | | ccnet-db | | mysql | | performance_schema | | seafile-db | | seahub-db | | sys | +--------------------+ 7 rows in set (0.08 sec) create database `cacti` character set = 'utf8'; SHOW databases; +--------------------+ | Database | +--------------------+ | information_schema | | cacti | | ccnet-db | | mysql | | performance_schema | | seafile-db | | seahub-db | | sys | +--------------------+ 8 rows in set (0.00 sec) CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'rfRn3c_rkjn'; CREATE USER 'cacti'@'10.215.130.21' IDENTIFIED BY 'rfRn3c_rkjn'; GRANT ALL ON `cacti`.* TO 'cacti'@'10.215.130.21'; GRANT SELECT ON `mysql`.`time_zone_name` TO 'cacti'@'10.215.130.21'; CREATE USER 'root'@'10.215.130.21' IDENTIFIED BY 'Ce,,0nf#'; GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.215.130.21'; FLUSH PRIVILEGES; select user,host from mysql.user; +---------------+---------------+ | user | host | +---------------+---------------+ | cacti | 10.215.130.21 | | root | 10.215.130.21 | | root | 10.215.130.22 | | seafile | 10.215.130.22 | | cacti | localhost | | mysql.session | localhost | | mysql.sys | localhost | | root | localhost | +---------------+---------------+
На компьютере с cacti в созданную базу данных загружаю таблицы
mysql --database=cacti -h 10.215.130.20 -u root -p < /usr/local/share/cacti/cacti.sql Enter password:
Подключаюсь к MySQL и проверяю создание талиц
mysql -h 10.215.130.20 -u cacti -p use cacti show tables; +-------------------------------------+ | Tables_in_cacti | +-------------------------------------+ | aggregate_graph_templates | | aggregate_graph_templates_graph | | aggregate_graph_templates_item | | aggregate_graphs | | aggregate_graphs_graph_item | | aggregate_graphs_items | | automation_devices | | automation_graph_rule_items | | automation_graph_rules | | automation_ips | | automation_match_rule_items | | automation_networks | | automation_processes | | automation_snmp | | automation_snmp_items | | automation_templates | | automation_tree_rule_items | | automation_tree_rules | | cdef | | cdef_items | | color_template_items | | color_templates | | colors | | data_debug | | data_input | | data_input_data | | data_input_fields | | data_local | | data_source_profiles | | data_source_profiles_cf | | data_source_profiles_rra | | data_source_purge_action | | data_source_purge_temp | | data_source_stats_daily | | data_source_stats_hourly | | data_source_stats_hourly_cache | | data_source_stats_hourly_last | | data_source_stats_monthly | | data_source_stats_weekly | | data_source_stats_yearly | | data_template | | data_template_data | | data_template_rrd | | external_links | | graph_local | | graph_template_input | | graph_template_input_defs | | graph_templates | | graph_templates_gprint | | graph_templates_graph | | graph_templates_item | | graph_tree | | graph_tree_items | | host | | host_graph | | host_snmp_cache | | host_snmp_query | | host_template | | host_template_graph | | host_template_snmp_query | | plugin_config | | plugin_db_changes | | plugin_hooks | | plugin_realms | | poller | | poller_command | | poller_data_template_field_mappings | | poller_item | | poller_output | | poller_output_boost | | poller_output_boost_processes | | poller_output_realtime | | poller_reindex | | poller_resource_cache | | poller_time | | reports | | reports_items | | sessions | | settings | | settings_tree | | settings_user | | settings_user_group | | sites | | snmp_query | | snmp_query_graph | | snmp_query_graph_rrd | | snmp_query_graph_rrd_sv | | snmp_query_graph_sv | | snmpagent_cache | | snmpagent_cache_notifications | | snmpagent_cache_textual_conventions | | snmpagent_managers | | snmpagent_managers_notifications | | snmpagent_mibs | | snmpagent_notifications_log | | user_auth | | user_auth_cache | | user_auth_group | | user_auth_group_members | | user_auth_group_perms | | user_auth_group_realm | | user_auth_perms | | user_auth_realm | | user_domains | | user_domains_ldap | | user_log | | vdef | | vdef_items | | version | +-------------------------------------+ 109 rows in set (0.00 sec)
Из файла /usr/local/share/cacti/include/config.php.sample создаю файл конфигурации в котором указываю пользователя и пароль базы данных cacti.
загружаю временные зоны в MySQL
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
В папке /var/log/cacti создаю файл для логов log и задаю права доступа www:www
touch /var/log/cacti/log
Меняю права доступа к папке cacti
chown -R www:www /usr/local/share/cacti/
Создаю папку и меняю права доступа
mkdir -p /usr/local/share/cacti/log/ chown -R www:www /usr/local/share/cacti/log/
В браузере набираю cacti.klotik.ru. На приглашение логина и пароля набираю admin/admin. Cacti предложит сменить пароль.
Input Validation Whitelist Protection Cacti Data Input methods that call a script can be exploited in ways that a non-administrator can perform damage to either files owned by the poller account, and in cases where someone runs the Cacti poller as root, can compromise the operating system allowing attackers to exploit your infrastructure. Therefore, several versions ago, Cacti was enhanced to provide Whitelist capabilities on the these types of Data Input Methods. Though this does secure Cacti more thouroughly, it does increase the amount of work required by the Cacti administrator to import and manage Templates and Packages. The way that the Whitelisting works is that when you first import a Data Input Method, or you re-import a Data Input Method, and the script and or aguments change in any way, the Data Input Method, and all the corresponding Data Sources will be immediatly disabled until the administrator validates that the Data Input Method is valid. To make identifying Data Input Methods in this state, we have provided a validation script in Cacti's CLI directory that can be run with the following options: php -q input_whitelist.php --audit - This script option will search for any Data Input Methods that are currently banned and provide details as to why. php -q input_whitelist.php --update - This script option un-ban the Data Input Methods that are currently banned. php -q input_whitelist.php --push - This script option will re-enable any disabled Data Sources. It is strongly suggested that you update your config.php to enable this feature by uncommenting the $input_whitelist variable and then running the three CLI script options above after the web based install has completed. Check the Checkbox below to acknowledge that you have read and understand this security concern
Обновление старого cacti
После обновления cacti внёс изменения в базу данных MySQL
mysql -u cacti -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 47041
Server version: 5.6.17-log Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use cacti;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> UPDATE settings SET value='/var/log/cacti/log' \
-> WHERE name='path_cactilog';
Query OK, 1 row affected (0,00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> UPDATE poller_item SET rrd_path=\
-> REPLACE(rrd_path,'/usr/local/share/cacti/rra','/var/db/cacti/rra') \
-> WHERE rrd_path REGEXP '^/usr/local/share/cacti/rra';
Query OK, 24 rows affected (0,02 sec)
Rows matched: 24 Changed: 24 Warnings: 0
mysql> quit
Bye
При попытке запуститтть poller в консоле получил ошибкау
# /usr/local/bin/php /usr/local/share/cacti/poller.php Shared object "libpng15.so.15" not found, required by "rrdtool"
Просматриваю библитеки
# ls -l /usr/local/lib/ | grep 'png*.*so' lrwxr-xr-x 1 root wheel 11 16 сен 23:57 libpng.so -> libpng16.so lrwxr-xr-x 1 root wheel 19 16 сен 23:57 libpng16.so -> libpng16.so.16.23.0 lrwxr-xr-x 1 root wheel 19 16 сен 23:57 libpng16.so.16 -> libpng16.so.16.23.0 -rwxr-xr-x 1 root wheel 195596 16 сен 23:57 libpng16.so.16.23.0
Создаю ссылку на библиотеку с коротой был установлен rrdtool и которой после обновления нет
# ln -s /usr/local/lib/libpng16.so.16.23.0 /usr/local/lib/libpng15.so.15
Ссылки:
http://dnaeon.github.io/cacti-freebsd/
https://ctopmbi4.wordpress.com/2014/08/29/%D1%83%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0-cacti-%D0%BD%D0%B0-freebsd/
freebsd/cacti.txt · Последние изменения: 2021/11/13 16:54 — alex
Инструменты страницы
Если не указано иное, содержимое этой вики предоставляется на условиях следующей лицензии: GNU Free Documentation License 1.3
