Install apache, mod_ssl, net-snmp and php72 modules
yum install httpd24 mod24_ssl.x86_64 php72 net-snmp net-snmp-utils php72 php72-xml php72-session php72-sockets php72-ldap php72-gd php72-gmp php72-intl php72-mbstring php72-mysqlnd php72-pdo php72-process php72-snmp php72-mysql php72-pear php72-common php72-gd php72-devel php72 php72-mbstring php72-cli php72-intl php72-snmp.Mariadb installation
Mysql server 5.5 won't work as requirement for cacti. Since AMI 2018 is based on RHEL/Centos6 then mariadb repo needs to be centos6 version. Latest mariadb is offered for cento6 is 10.3
vi /etc/yum.repos.d/mariadb.repo
# MariaDB 10.3 CentOS repository list - created 2020-07-16 09:46 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1yum install -y MariaDB-server MariaDB-clientRun mysql_secure_installation
mysql_secure_installationSetup php.ini
vi /etc/php.ini
date.timezone = America/New_York
memory_limit = 512M
max_execution_time = 60Restart apache
service httpd restartConfigure db server
vi /etc/my.cnf.d/server.cnf
[mysqld]
collation-server = utf8mb4_unicode_ci
character-set-server=utf8mb4
max_heap_table_size = 64M
tmp_table_size = 64M
join_buffer_size = 64M
innodb_file_format = Barracuda
innodb_large_prefix = 1
innodb_flush_log_at_timeout = 3
#change innodb_buffer_pool_size according to your needs. on standalone server 70% of server memory. On shared with web is starter 1GB
innodb_buffer_pool_size = 1GB
innodb_buffer_pool_instances = 10
# Based on what type for storage you use. The below values are for SSD drives.
# Change it if Cacti reports issues during the installation
innodb_read_io_threads = 32
innodb_write_io_threads = 16
innodb_file_per_table = 1
innodb_io_capacity = 5000
innodb_io_capacity_max = 10000Start services
service mysql start
service httpd startSetup cacti database
mysql -u root -p
create database cacti;
GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'change-password';
flush privileges;
exitImport mysql timezone sql dump
mysql -u root -p mysql < /usr/share/mysql/mysql_test_data_timezone.sqlSet privileges
mysql -u root -p
GRANT SELECT ON mysql.time_zone_name TO cactiuser@localhost;
flush privileges;
exitInstall cacti from source
repo package is too old
cd /tmp
wget https://www.cacti.net/downloads/cacti-latest.tar.gz
tar xfp cacti-latest.tar.gz
mv cacti-1.2.13 /opt/cacti
chown -R apache:apache /opt/cactiCacti database import
mysql -u root -p cacti < /opt/cacti/cacti.sqlDatabase configure for cacti
vi /opt/cacti/include/config.php
$database_type = 'mysql';
$database_default = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cactiuser';
$database_password = 'password';
$database_port = '3306';
$database_retries = 5;
$database_ssl = false;
$database_ssl_key = '';
$database_ssl_cert = '';
$database_ssl_ca = '';Setup cron
vi /etc/cron.d/cacti
*/5 * * * * apache /usr/bin/php /opt/cacti/poller.php > /dev/null 2>&1Cacti apache conf
vi /etc/httpd/conf.d/cacti.conf
Alias /cacti /opt/cacti
<Directory /opt/cacti/>
<IfModule mod_authz_core.c>
# httpd 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# httpd 2.2
Order deny,allow
Deny from all
Allow from localhost
</IfModule>
</Directory>
<VirtualHost *:80>
DocumentRoot "/opt/cacti/"
ServerName yourdomainname
# Other directives here
</VirtualHost>
Restart apache
service httpd restartAutostart services
chkconfig httpd on
chkconfig mysql onSetup let's encrypt
cd /tmp
wget https://dl.eff.org/certbot-auto
cp certbot-auto /usr/local/bin/
chmod +x /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --debug -v --server https://acme-v02.api.letsencrypt.org/directory certonly -d yourdomainnameChoose apache setup option. After cert install add following lines to /etc/httpd/conf.d/ssl.conf
vi /etc/httpd/conf.d/ssl.conf
DocumentRoot "/opt/cacti"
ServerName yourdomainname:443
SSLCertificateFile /etc/letsencrypt/live/yourdomainname/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomainname/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomainname/fullchain.pemRestart apache
service httpd restartNow you can access cacti via browser https://yourdomainname/cacti User and pw: admin/admin
Hint: Be sure to setup also net-snmp template since default local linux template is not so good
You might be also interested with SNMP daemon setup:
yum -y install net-snmp net-snmp-utilsConfigure snmpd.conf
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.orig.confvi /etc/snmp/snmpd.conf
# SECTION: Access Control Setup
rocommunity public
###########################################################################
# SECTION: System Information Setup
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
#
# Unknown directives read in from other files by snmpconf
#
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# Cumulus specific
view systemview included .1.3.6.1.4.1.40310.1
view systemview included .1.3.6.1.4.1.40310.2
# Memory utilization
view systemview included .1.3.6.1.4.1.2021.4
# CPU utilization
view systemview included .1.3.6.1.4.1.2021.11
access notConfigGroup "" any noauth exact systemview none none
dontLogTCPWrappersConnects yesEnable snmpd service
chkconfig snmpd onRestart snmpd service
service snmpd restartNB! In amazon firewall for snmpd to work is needed to open port 161 udp. Custom UDP rule wont work, only All UDP. This currently seems to be issue as writing. 29.07.2020