2019-03-08 CentOS 7 安装Cacti 1.2.2

在Ubuntu上安装Cacti的时候，用apt直接装的，不是最新版。老板看了说要最新版的，那就继续折腾，这回咱装到CentOS上。
一、安装MariaDB
添加MariaDB yum仓库，可以直接vim编辑一个，用cat也行。

# cat > /etc/yum.repos.d/MariaDB.repo <

然后安装MariaDB数据库，启动进程，设置开机启动，并进行安全配置。

yum install MariaDB-server MariaDB-client -y
systemctl start mariadb
systemctl enable mariadb
#查看状态
[root@localhost axing]# systemctl status mariadb
● mariadb.service - MariaDB 10.2.22 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/mariadb.service.d
           └─migrated-from-my.cnf-settings.conf
   Active: active (running) since Fri 2019-03-08 00:34:21 GMT; 16h ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
  Process: 2877 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
  Process: 2743 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= ||   VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ]   && systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1 (code=exited, status=0/SUCCESS)
  Process: 2740 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
...
#安全配置
mysql_secure_installation
#过程略过，设置密码，一路yes吧
[root@localhost axing]# mysql --version
mysql  Ver 15.1 Distrib 10.2.22-MariaDB, for Linux (x86_64) using readline 5.1

这个时候数据库就算安装好了，如果需要配置远程访问权限的话，进入数据库，

[root@localhost axing]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1558
Server version: 10.2.22-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> select User, host from mysql.user;
+-----------+-----------+
| User      | host      |
+-----------+-----------+
| root      | 127.0.0.1 |
| root      | ::1       |
| cactiuser | localhost |
MariaDB [(none)]>

修改root账号权限，其他用户也类似：

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
#这里的%表示所有IP，如果要限制ip访问的话，把'root'@'%'改为'root'@'192.168.71.%' 即可
#使权限生效
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
#现在再看账号信息，多了个%表示OK了
MariaDB [(none)]> select User, host from mysql.user;
+-----------+-----------+
| User      | host      |
+-----------+-----------+
| root      | %         |
| root      | 127.0.0.1 |
| root      | ::1       |
| cactiuser | localhost |
| root      | localhost |
+-----------+-----------+
5 rows in set (0.00 sec)
MariaDB [(none)]>

远程访问数据库还需要防火墙开放3306端口

firewall-cmd –zone=public –add-port=3306/tcp –permanent
firewall-cmd –reload

如果需要设置数据库大小写字母不敏感，修改 /etc/my.cnf.d/server.cnf，在[mysqld]下面加上 lower_case_table_names=1 ，再重启数据库
二、安装Cacti环境需要的其他包，这个直接从网上找的，不知道有没有不需要的，总之我都装上是好用的

# yum install -y httpd mariadb mariadb-server mariadb-devel net-snmp net-snmp-utils net-snmp-libs net-snmp-agent-libs net-snmp-devel php php-snmp php-ldap php-pdo php-mysql php-devel php-pear php-common php-gd php-mbstring php-xml php-process rrdtool rrdtool-php rrdtool-perl rrdtool-devel gcc openssl-devel dos2unix autoconf automake binutils libtool cpp postfix glibc-headers kernel-headers glibc-devel gd gd-devel help2man ntpdate wget patch

三、环境配置
3.1 修改php配置文件，位于/etc/php.ini

vim /etc/php.ini
...
date.timezone = GMT
max_input_time = 60
memory_limit = 1024M
...

时区如果是中国改成PRC，我这是英国选用格林威治时区。
3.2 修改apache httpd配置文件，位于/etc/httpd/conf.d/php.conf

vim /etc/httpd/conf.d/php.conf
...
LoadModule php5_module modules/libphp5.so
AddHandler php5-script .php
...

cacti安装目录配置，新建/etc/httpd/conf.d/cacti.conf文件，配置的比较简单，没有做访问权限，网段之类的设置，看起来这样的：

vim /etc/httpd/conf.d/cacti.conf
# Cacti - the complete rrdtool-based graphing solution
#
# Allows only localhost by default
#
# Allowing cacti to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
# Make sure, that httpd can read your cacti directories.
# At minimum, you need
#    chmod ugo+r -R /your/cacti/dir
# Make sure to replace with your directories
# When using SELinux, set the following:
#    chcon -R -h -t httpd_sys_content_t /your/cacti/dir
# when using SELinux and you private homedir, enable
#    setsebool -P httpd_enable_homedirs 1
#    setsebool -P httpd_read_user_content 1
Alias /cacti /var/www/html/cacti


   AllowOverride None
   Require all granted
   Order Allow,Deny
   Allow from all
   Options Indexes Includes FollowSymLinks


# These directories do not require access over HTTP
#

    Order Deny,Allow
    Deny from All
    Allow from None

3.3 数据库配置
我们已经做了一些配置，现在要做的是优化适用于Cacti
导入时区数据到mysql数据库

# mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -uroot mysql -p

修改数据库配置文件，位于/etc/my.cnf.d/server.cnf, 在[mysqld]下面增加：

[root@localhost axing]# vim /etc/my.cnf.d/server.cnf
...
[mysqld]
character_set_server = utf8mb4
collation_server = utf8mb4_unicode_ci
character_set_client = utf8mb4
max_connections = 100
max_heap_table_size = 100M
max_allowed_packet = 16777216
join_buffer_size = 250M
tmp_table_size = 64M
innodb_file_per_table = ON
innodb_buffer_pool_size = 1280M
innodb_doublewrite = OFF
innodb_lock_wait_timeout = 50
innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads = 16
innodb_buffer_pool_instances = 11

这里innodb_buffer_pool_size 设置了 1280M，按照要求innodb_buffer_pool_instances 的数值要大于 1280/128，我设的是11，根据你配置的大小可以自己调整。
3.4 配置SNMP，配置文件位于/etc/snmp/snmpd.conf

vim /etc/snmp/snmpd.conf
...
#约41行，修改通讯字串
com2sec notConfigUser  127.0.0.1     yourpassword
#约62行，改为
access  notConfigGroup ""      any       noauth    exact  all    none   none
#约85行，取消注释
view all    included  .1                               80
...

四、安装配置Cacti，现在最新版是1.2.2
4.1 下载最新版本cacti

# cd /var/www/html
# wget https://www.cacti.net/downloads/cacti-latest.tar.gz
# tar zxvf cacti-latest.tar.gz

4.2 创建cacti数据库，创建cactiuser用户，设置授权：

# mysql -u root -p
MariaDB [(none)]> CREATE database cacti default character set utf8;
MariaDB [(none)]> create user 'cactiuser'@'localhost' identified by 'cactiuser';
MariaDB [(none)]> grant all privileges on cacti.* to cactiuser@localhost;
MariaDB [(none)]> grant select on mysql.time_zone_name to 'cactiuser'@'localhost' identified by 'cactiuser';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> quit

4.3 导入cacti默认数据库

# mysql -uroot -p cacti < /var/www/html/cacti-1.2.2/cacti.sql

4.4 修改配置文件，主要是数据库密码, 配置文件在安装目录下：/var/www/html/cacti-1.2.2/include/config.php

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "yourpassword";

4.5 创建cacti系统用户，设置目录权限

# useradd -r -M cacti
# ln -s /var/www/html/cacti-1.2.2 /var/www/html/cacti
# chown -R apache.apache /var/www/html/cacti/
# chown -R cacti /var/www/html/cacti-1.2.2/{rra,log}/

4.6 添加定时任务

# crontab -e
*/5 * * * * /usr/bin/php /var/www/html/cacti/poller.php > /dev/null 2>&1

4.7 配置firewalld防火墙，关闭selinux

# 上面数据库如果已经配置了可以不要再配3306
# firewall-cmd --permanent --add-port=3306/tcp
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-port=161/udp
# firewall-cmd --permanent --add-port=162/udp
# firewall-cmd --reload
# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

4.8 启动服务和开机设置

# systemctl enable httpd
# systemctl enable mariadb
# systemctl enable crond
# systemctl enable snmpd
# systemctl restart httpd
# systemctl restart mariadb
# systemctl restart crond
# systemctl restart snmpd

4.9 登录Cacti Web安装界面，愉快的安装吧
http:<你的IP>/cacti
中间有不满足条件的，有很清楚的提示可以去改正，然后可以使用初始用户名密码 admin/admin登录了。
五、编译安装spine

[root@localhost html]# wget https://www.cacti.net/downloads/spine/cacti-spine-latest.tar.gz
--2019-03-08 23:08:25--  https://www.cacti.net/downloads/spine/cacti-spine-latest.tar.gz
Resolving www.cacti.net (www.cacti.net)... 104.28.8.127, 104.28.9.127, 2606:4700:30::681c:87f, ...
Connecting to www.cacti.net (www.cacti.net)|104.28.8.127|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2310298 (2.2M) [application/x-gzip]
Saving to: 'cacti-spine-latest.tar.gz'

100%[==========================================================>] 2,310,298   1.79MB/s   in 1.2s

2019-03-08 23:08:27 (1.79 MB/s) - 'cacti-spine-latest.tar.gz' saved [2310298/2310298]

[root@localhost html]# tar xzvf cacti-spine-latest.tar.gz
...
[root@localhost html]# ln -s /usr/lib64/libmysqlclient.so.18.0.0 /usr/lib64/libmysqlclient.so
#NTP服务器地址，国内可找一个比较近的比如：210.72.145.44 (国家授时中心服务器IP地址),202.112.10.36 # 1.cn.pool.ntp.org, 59.124.196.83 # 0.asia.pool.ntp.org
[root@localhost html]# ntpdate xx.xxx.xxx.xx
 8 Mar 23:10:53 ntpdate[32214]: step time server 46.102.170.84 offset 7.160853 sec
[root@localhost html]# cd cacti-spine-1.2.2/
[root@localhost cacti-spine-1.2.2]# ./configure && make && make install
...

复制修改spine.conf文件，主要是数据库用户名和密码

[root@localhost cacti-spine-1.2.2]# cp /usr/local/spine/etc/spine.conf.dist /usr/local/spine/etc/spine.conf
[root@localhost cacti-spine-1.2.2]# vim /usr/local/spine/etc/spine.conf
...

DB_Host       localhost
DB_Database   cacti
DB_User       cactiuser
DB_Pass       yourpassword
DB_Port       3306
#DB_UseSSL    0
#RDB_SSL_Key
#RDB_SSL_Cert
#RDB_SSL_CA

RDB_Host      localhost
RDB_Database  cacti
RDB_User      cactiuser
RDB_Pass      yourpassword
RDB_Port      3306
#RDB_UseSSL    0
#RDB_SSL_Key
#RDB_SSL_Cert
#RDB_SSL_CA

然后登录Cacti页面修改配置

Console -> Configuration -> Settings -> Paths -> 在 Spine Binary File Location 文本框内填入配置文件路径 /usr/local/spine/bin/spine 
在 Spine Config File Path 文本框内填入配置文件路径 /usr/local/spine/etc/spine.conf，右下角保存 （Save）
Console ->  Configuration -> Settings -> Poller -> 在 Poller Type 下拉框中选择 spine ，点击保存 （Save）

完工，后面再添加插件和要监控的网络设备吧。