Cacti with apache, mariadb on AMI 2018 Linux

Primary tabs

Install apache, mod_ssl, net-snmp php72 and php72 modules

yum install httpd24 mod24_ssl.x86_64 php72 net-snmp net-snmp-utils php72 php72-xml php72-session php72-sockets php72-ldap php72-gd php72-gmp php72-intl php72-mbstring php72-mysqlnd php72-pdo php72-process php72-snmp php72-mysql php72-pear php72-common php72-gd php72-devel php72 php72-mbstring php72-cli php72-intl php72-snmp

If you don't have mariadb then Install it. Mysql server 5.5 won't work as requirement for cacti. Since AMI 2018 is based on RHEL/Centos6 then mariadb repo needs to be centos6 version. Latest mariadb is offered for cento6 is 10.3

vi /etc/yum.repos.d/mariadb.repo 

# MariaDB 10.3 CentOS repository list - created 2020-07-16 09:46 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Setup mysql

yum install -y MariaDB-server MariaDB-client

Run mysql_secure_installation

mysql_secure_installation

Setup php.ini

vi /etc/php.ini

date.timezone = America/New_York
memory_limit = 512M
max_execution_time = 60

Restart apache

service httpd restart

Setup mysql

vi /etc/my.cnf.d/server.cnf

[mysqld]

collation-server = utf8mb4_unicode_ci
character-set-server=utf8mb4
max_heap_table_size = 64M
tmp_table_size = 64M
join_buffer_size = 64M
innodb_file_format = Barracuda
innodb_large_prefix = 1
innodb_flush_log_at_timeout = 3
#change innodb_buffer_pool_size according to your needs. on standalone server 70% of server memory. On shared with web is starter 1GB
innodb_buffer_pool_size = 1GB
innodb_buffer_pool_instances = 10
# Based on what type for storage you use. The below values are for SSD drives.
# Change it if Cacti reports issues during the installation
innodb_read_io_threads = 32
innodb_write_io_threads = 16
innodb_file_per_table = 1
innodb_io_capacity = 5000
innodb_io_capacity_max = 10000

Start services

service mysql start
service httpd start

Setup cacti database

mysql -u root -p
create database cacti;

GRANT ALL ON cacti.* TO [email protected] IDENTIFIED BY 'change-password';
flush privileges;
exit

Import mysql timezone sql dump

mysql -u root -p mysql < /usr/share/mysql/mysql_test_data_timezone.sql

Set privileges

mysql -u root -p

GRANT SELECT ON mysql.time_zone_name TO [email protected];
flush privileges;
exit

Install cacti from source (repo package is too old)

cd /tmp
wget https://www.cacti.net/downloads/cacti-latest.tar.gz
tar xfp cacti-latest.tar.gz
mv cacti-1.2.13 /opt/cacti
chown -R apache:apache /opt/cacti

Cacti database import

mysql -u root -p cacti < /opt/cacti/cacti.sql

Database configure for cacti

vi /opt/cacti/include/config.php

$database_type     = 'mysql';
$database_default  = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cactiuser';
$database_password = 'password';
$database_port     = '3306';
$database_retries  = 5;
$database_ssl      = false;
$database_ssl_key  = '';
$database_ssl_cert = '';
$database_ssl_ca   = '';

Setup cron

vi /etc/cron.d/cacti 

*/5 * * * * apache /usr/bin/php /opt/cacti/poller.php > /dev/null 2>&1

Cacti apache conf

vi /etc/httpd/conf.d/cacti.conf

Alias /cacti /opt/cacti
<Directory /opt/cacti/>
            <IfModule mod_authz_core.c>
                         # httpd 2.4
                         Require all granted
            </IfModule>
            <IfModule !mod_authz_core.c>
                         # httpd 2.2
                         Order deny,allow
                         Deny from all
                         Allow from localhost
            </IfModule>
</Directory>

<VirtualHost *:80>
    DocumentRoot "/opt/cacti/"
    ServerName yourdomainname

    # Other directives here
</VirtualHost>

Restart httpd

service httpd restart

Autostart services

chkconfig httpd on
chkconfig mysql on

Setup let's encrypt

cd /tmp
wget https://dl.eff.org/certbot-auto
cp certbot-auto /usr/local/bin/
chmod +x /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --debug -v --server https://acme-v02.api.letsencrypt.org/directory certonly -d yourdomainname

Choose apache setup option. After cert install add following lines to /etc/httpd/conf.d/ssl.conf

vi /etc/httpd/conf.d/ssl.conf

DocumentRoot "/opt/cacti"
ServerName yourdomainname:443

SSLCertificateFile /etc/letsencrypt/live/yourdomainname/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomainname/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomainname/fullchain.pem

Restart apache

service httpd restart

Now you can access cacti via browser https://yourdomainname/cacti

User and pw: admin/admin

Hint: Be sure to setup also net-snmp template since default local linux template is not so good

You might be also interested with SNMP daemon setup:

yum -y install net-snmp net-snmp-utils

Configure snmpd.conf

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.orig.conf
vi /etc/snmp/snmpd.conf

# SECTION: Access Control Setup
rocommunity  public  

###########################################################################
# SECTION: System Information Setup

syslocation Unknown (edit /etc/snmp/snmpd.conf)

syscontact Root <[email protected]> (configure /etc/snmp/snmp.local.conf)

#
# Unknown directives read in from other files by snmpconf
#
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
# Cumulus specific
view   systemview  included   .1.3.6.1.4.1.40310.1
view   systemview  included   .1.3.6.1.4.1.40310.2
# Memory utilization
view   systemview  included   .1.3.6.1.4.1.2021.4 
# CPU utilization
view   systemview  included   .1.3.6.1.4.1.2021.11
access  notConfigGroup ""      any       noauth    exact  systemview none none
dontLogTCPWrappersConnects yes

Enable snmpd init script

chkconfig snmpd on

Restart snmpd service:

service snmpd restart

NB! In amazon firewall for snmpd to work is needed to open port 161 udp. Custom UDP rule wont work, only All UDP. This currently seems to be issue as writing. 29.07.2020

Tags 
cacti ami linux


QR Code for https://setupexample.com/cacti-apache-mariadb-ami-2018-linux