基本环境介绍:
安装 Cacti 需要 Mysql,PHP,RRDTool,net-snmp 和 支持 PHP 的 Web服务器,如 Apache,Nginx 或 IIS等。
软件版本要求:
安装mysql数据库
配置MariaDB官方yum源,这里安装mariadb10.3.5版本:
[root@localhost ~]# vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name=MariaDB
baseurl= http://yum.mariadb.org/10.3.5/centos74-amd64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
安装mariadb server和mariadb client
[root@localhost ~]# yum install -y MariaDB-server MariaDB-client MariaDB-devel
Installed:
MariaDB-client.x86_64 0:10.3.5-1.el7.centos
MariaDB-devel.x86_64 0:10.3.5-1.el7.centos
MariaDB-server.x86_64 0:10.3.5-1.el7.centos
安装httpd和php
# yum install -y httpd php
这里安装Apache/2.4.6和php5.4.16
[root@cacti ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jun 27 2018 13:48:59
[root@cacti ~]# php -v
PHP 5.4.16 (cli) (built: Apr 12 2018 19:02:01)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
安装php扩展
# yum install –y php-mysql php-snmp php-xml php-ldap php-gd php-mbstring php-posix
安装net-snmp简单网络管理协议
# yum install –y net-snmp net-snmp-libs net-snmp-utils net-snmp-devel net-snmp-perl
安装RRDTool 绘图工具
# yum install –y rrdtool rrdtool-devel rrdtool-php rrdtool-perl perl-devel perl-CPAN perl-YAML
查看httpd.conf配置文件,确保包含以下内容:
[root@cacti ~]# vim /etc/httpd/conf/httpd.conf
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
配置php.conf配置文件,末尾添加以下内容:
[root@cacti ~]# vim /etc/httpd/conf.d/php.conf
........
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
LoadModule php5_module modules/libphp5.so
#
# Cause the PHP interpreter to handle files with a .php extension.
AddHandler php5-script .php
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
DirectoryIndex index.php
启动httpd服务并设为开机启动
# systemctl start httpd && systemctl enable httpd
请确保为以下PHP扩展模块内置或安装了PHP支持:
• mysql (For configuration, see note below)
• SNMP (For configuration, see note below)
• XML
• Session
• Sockets
• LDAP (Required only when using LDAP authentication)
• GD (Required only for some Plugins)
您可以运行以下命令来获取所有可用PHP模块的列表:php –m
修改php.ini配置文件,添加或找到如下内容
关闭安全模式并修改时区
[root@localhost ~]# vim /etc/php.ini
[PHP]
safe_mode = Off
……
date.timezone = Asia/Shanghai
测试php与apache解析是否正常,创建php测试页面
[root@cacti ~]# vim /var/www/html/index.php
phpinfo();
?>
重启httpd服务并进行测试:
如果cacti目录不在apache目录下,参考如下设置,这里省略。
In case you do not install Cacti to the default web directory, put the following as cacti.conf into /etc/httpd/conf.d. Change /your/cacti/dir to your cacti directory name. Change the Allow from 127.0.0.1 directive to whatever you need (e.g. the subnets in your company). Follow the hints given in the comments, especially when using SELinux!
# Cacti - the complete rrdtool-based graphing solution
#
# Allows only localhost by default
#
# Allowing cacti to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
# Make sure, that httpd can read your cacti directories.
# At minimum, you need
# chmod ugo+r -R /your/cacti/dir
# Make sure to replace with your directories
# When using SELinux, set the following:
# chcon -R -h -t httpd_sys_content_t /your/cacti/dir
# when using SELinux and you private homedir, enable
# setsebool -P httpd_enable_homedirs 1
# setsebool -P httpd_read_user_content 1
Alias /cacti /your/cacti/dir
AllowOverride None
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Options Indexes Includes FollowSymLinks
# These directories do not require access over HTTP
#
Order Deny,Allow
Deny from All
Allow from None
启动mysql数据库服务并设为开机启动
[root@localhost ~]# systemctl start mariadb && systemctl enable mariadb
初始化MariaDB数据库,主要创建mysql数据库密码,然后全部Y下一步:
[root@localhost ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): //当前数据库密码为空,直接按回车键
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y //输入要为root管理员设置的密码(数据库root非linux root)
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y //删除匿名账号
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y //禁止root管理员从远程登录
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y //删除test数据库并取消对它的访问权限
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y //刷新授权表,让初始化后的设定立即生效
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
这里在上面初始化过程中数据库root密码设置为123456,登陆数据库验证密码设置是否正确
[root@cacti ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.3.5-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
修改mysql配置文件,在[server]下增加如下内容
[root@cacti ~]# vim /etc/my.cnf.d/server.cnf
[server]
# this is only for the mysqld standalone daemon
character_set_server = utf8mb4
collation-server = utf8mb4_unicode_ci
max_heap_table_size = 256M
max_allowed_packet = 16777216
tmp_table_size = 64M
join_buffer_size = 64M
innodb_file_per_table = ON
innodb_buffer_pool_size = 1024M
innodb_doublewrite = OFF
#innodb_additional_mem_pool_size = 96M
innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads =16
数据库与PHP测试:
[root@cacti ~]# vim /var/www/html/linkdb.php
$a=mysql_connect("localhost","root","123456");
if($a){echo "ok";}else{echo "err";}
?>
测试
[root@cacti ~]# yum install –y elinks
[root@cacti ~]# elinks --dump http://localhost/linkdb.php
ok
修改snmp配置文件,找到如下内容修改
# vim /etc/snmp/snmpd.conf
//修改default为本机ip,修改public为自己的团体名(可以不改),42行
com2sec notConfigUser default public
//把systemview改成all ,供所有snmp 访问权限 64行
access notConfigGroup "" any noauth exact all none none
//去掉此行注释
view all included .1 80 // 去掉#号 85行
重启snmp服务
# systemctl restart snmpd.service && systemctl enable snmpd.service
本机测试snmp数据(修改monit为配置的团体名),查看是否能够获取数据
snmpwalk -v 2c -c public localhost system
远程测试snmp数据(修改ip为服务器ip,snmpwalk命令需要安装net-snmp)
snmpwalk -v 2c -c public ip system
官网下载:https://www.cacti.net/downloads/cacti-1.1.38.tar.gz
官网无法访问时可以在github下载
1.下载Cacti 安装包
# wget https://github.com/Cacti/cacti/archive/release/1.1.38.tar.gz
# tar -zxvf 1.1.38.tar.gz
# cp -R cacti-release-1.1.38/ /var/www/html/cacti
2.创建 cacti 数据库
创建cacti数据库,创建数据库用户cactiuser,设置用户相关授权
[root@cacti ~]# mysql –u root -p
MariaDB [(none)]> create database cacti;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on cacti.* to cactiuser@localhost identified by "cactiuser";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT SELECT ON mysql.time_zone_name TO 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';
Query OK, 0 rows affected (0.00 sec)
MariaDB [cacti]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
注意这里的数据库用户名密码全部为cactiuser,可以自定义。
3.导入 Cacti 默认数据库
MariaDB [(none)]> use cacti;
Database changed
MariaDB [cacti]> source /var/www/html/cacti/cacti.sql;
………………
MariaDB [cacti]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [cacti]> quit
Bye
配置数据库时区:
[root@cacti ~]# mysql_tzinfo_to_sql /usr/share/zoneinfo/ | mysql -u root -p mysql
Enter password:
Warning: Unable to load '/usr/share/zoneinfo//leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo//tzdata.zi' as time zone. Skipping it.
4.测试使用cactiuser用户登录cacti数据库
使用自己设置的用户名密码登录
[root@cacti ~]# mysql -ucactiuser -pcactiuser
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
5. 创建cacti配置文件config.php
主要修改数据库用户名密码,和cacti路径,这里全部默认,根据个人配置进行修改
[root@cacti ~]# cp /var/www/html/cacti/include/{config.php.dist,config.php}
[root@cacti ~]# vim /var/www/html/cacti/include/config.php
[root@cacti include]# vim config.php
………………
$database_type = 'mysql';
$database_default = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cactiuser';
$database_password = 'cactiuser';
$database_port = '3306';
$database_ssl = false;
……………
$url_path = '/cacti/';
6.创建 cacti 系统用户,设置目录权限
[root@cacti ~]# useradd -r -M cacti
[root@cacti ~]# chown -R cacti /var/www/html/cacti/{rra,log}/
[root@cacti ~]# chown -R apache.apache /var/www/html/cacti/{resource,cache,scripts}/
[root@cacti ~]# chmod -R 777 /var/www/html/cacti/
7. 添加定时任务
将每5分钟执行一次的数据获取脚本加入crontab
[root@cacti ~]# crontab -e
no crontab for root - using an empty one
*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1
8.重新启动相关服务
# systemctl restart httpd && systemctl restart mariadb
# systemctl restart crond && systemctl restart snmpd
cacti默认使用cmd.php来轮询数据,速度会很慢,因此我们采用Spine来轮询数据。cacti-spine是一个由C语言开发的,用于替代cmd.php的快速获取速度的引擎。(也可以不装)
安装spine高速数据采集插件
# wget https://www.cacti.net/downloads/spine/cacti-spine-1.1.38.tar.gz
# yum install -y mysql-devel dos2unix autoconf automake binutils libtool gcc cpp glibc-headers glibc-devel help2man
# tar zxvf cacti-spine-1.1.38.tar.gz
# cp -R cacti-spine-1.1.38 /usr/local/spine
# cd /usr/local/spine
# ln -s /usr/lib64/libmysqlclient.so.18.0.0 /usr/lib64/libmysqlclient.so
# sh bootstrap
# ./configure
# make && make install
# chown root:root /usr/local/spine/bin/spine
# chmod +s /usr/local/spine/bin/spine
编辑spine.conf:
# cp /usr/local/spine/etc/spine.conf.dist /etc/spine.conf
修改/etc/spine.conf如下部分:
# vim /etc/spine.conf
DB_Host localhost
DB_Database cacti
DB_User cactiuser
DB_Pass cactiuser
DB_Port 3306
进行初始化:
/usr/local/spine/bin/spine //执行此命令,成功后显示如下
[root@cacti spine]# /usr/local/spine/bin/spine
SPINE: Using spine config file [/etc/spine.conf]
SPINE: Version 1.1.38 starting
SPINE: Time: 0.0385 s, Threads: 5, Devices: 0
重启httpd服务,在浏览器访问:http://ip/cacti,进入安装界面。
检查各个模块时,可能有部分错误,自行排查
根据提示进行对应目录权限的配置,将相应目录给予httpd对应用户相应的读写权限,刷新浏览器后,点Next继续:
初次登录默认用户密码为admin/admin
重设密码,admin/Cacti@123
成功登陆
登录后,在Console–>Configuration–>Settings–>Paths下配置spine路径:
在Console–>Configuration–>Settings–>Poller下,将Poller Type改为spine,也可以在这里修改数据收集时间间隔:
选择console—devie,配置local linux Machine,没有则添加
配置基本参数
在页面最下方的 Associated Graph Templates 中添加图形模板
在 Associated Data Queries 中添加数据模板。
添加好相应的模板之后点击 Save。此时会弹出Save Successful会话框。
点击右上角的 Create Graphs for this Host,来为刚才通过模板所获得到的数据进行画图
选中需要画图的项(勾选页面看到的所有选项),其中依然分为两部分:
通过 Graph Templates 中的内容都需要选中,而 Data Query 获取的内容比较详细,所以可以按需选择。选择好需要画图的项目后,点击右下角的 Create。
选择Graphs查看图表
如果没有加载出来,手动执行一次crontab里面的命令,然后再次刷新页面
[root@cacti ~]# php /var/www/html/cacti/poller.php > /dev/null 2>&1
安装SNMP
# yum -y install net-snmp net-snmp-utils
修改snmp配置文件
[root@cacticlient ~]# vim /etc/snmp/snmpd.conf
1) 查找以下代码:
com2sec notConfigUser default public
将"comunity"字段改为你要设置的密码.比如"public",将“default”改为你想哪台机器可以看到你的snmp信息,如设为cacti监控端ip 192.168.92.56,修改后:
com2sec notConfigUser 192.168.0.8 public
2) 查找以下代码:
access notConfigGroup "" any noauth exact systemview none none
将"systemview "字段改为all.修改后:
access notConfigGroup "" any noauth exact all none none
3) 查找以下代码:
#view all included .1 80
将该行前面的"#"去掉.
启动snmp服务并设为开机启动:
# systemctl start snmpd.service && systemctl enable snmpd.service
cacti监控端配置
添加设备
增加监控选项,这里省略,然后新建树图
编辑树图,添加设备
拖动设备到tree
查看监控参数
重启windows snmp服务,然后访问cacti添加设备