# 列出目前在 Mail Queue 中的信件
mailq
# 刪除所有在 Queue 中的郵件
postsuper -d ALL
# 刪除所有正在 deferred 佇列中的郵件 ( 刪除曾經發送失敗的信 )
postsuper -d ALL deferred
=================
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/gmail_passwd
smtp_sasl_security_options =
smtp_use_tls = yes
====================
smtp.gmail.com:587 帳號@gmail.com:密碼
====
用以下指令製作 hash map:
# postmap /usr/local/etc/postfix/gmail_passwd
======================
1. 申請 Gmail 帳號
這理所當然是第一個程序,還沒有的話趕緊去申請一個吧,已經有了帳號就繼續下一個步驟。
2. 建立 SSL 憑證
為了方便管理,可以建立一個目錄來方便放置憑證,以 DR 為例:
# mkdir /etc/postfix/gmail
# cd /etc/postfix/gmail
然後使用以下指令建立憑證:
# openssl genrsa -out gmail.key 1024
# openssl req -new -key gmail.key -x509 -out gmail.crt
執行第二個指令時會要求填入資料(國家、地區、組織、信箱位址等),按著說明填入即可,這不會影響寄信功能。
3. 建立 Gmail 的密碼認證檔案
# vi /etc/postfix/sasl_passwd
然後寫入以下內容:
gmail-smtp.l.google.com username@gmail.com:password
smtp.gmail.com username@gmail.com:password
上頭的 username 和 password 就是要添入 Gmail 的帳號以及密碼,編輯完並儲存後,再執行下個指令去建立資料庫檔案:
# postmap hash:/etc/postfix/sasl_passwd
另外,由於該檔案裡頭存放了相當重要的帳號密碼資訊,DR 建議修改其存取權限,讓一般使用者無法瀏覽:
# chmod 600 /etc/postfix/sasl_passwd
# chmod 600 /etc/postfix/sasl_passwd.db
4. 設定 Postfix
# vi /etc/postfix/main.cf
寫入以下內容:
relayhost=[smtp.gmail.com]:587
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tks_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file=/etc/postfix/gmail/gmail.key
smtp_tls_cert_file=/etc/postfix/gmail/gmail.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert =no
smtp_tls_enforce_peername = no
儲存後重新啟動 Postfix:
# /etc/rc.d/init.d/postfix restart
smtp.gmail.com
Port for TLS/STARTTLS: 587
64.233.187.108
==============
account : ****@gmail.com
password : *****
=============
postfix 2.66
# inbound
smtpd_tls_security_level = may
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
# outbound
smtp_tls_security_level = may
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp[d]_tls_security_level == "may": smtp[d]_tls_protocols is used
smtp[d]_tls_security_level == "encrypt": smtp[d]_tls_mandatory_protocols is used
smtp[d]_tls_security_level == "none": none of these two parameters is used
=============================
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.cert
# smtpd_tls_CAfile = /etc/pki/tls/root.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
tls_random_exchange_name = /var/lib/postfix/prng_exch
smtpd_tls_auth_only = yes
==
在 postfix 2.3 裡 'smtpd_tls_security_level = may' 取代舊有的 'smtpd_use_tls = yes' 並啟用 tls。我們註釋掉 smtpd_tls_CAfile 但在使用已簽署的憑證時卻須要利用該設定來指定發行機構的憑證。'smtpd_tls_loglevel = 1' 會將 tls 的工作階段記錄在 postfix 的郵件日誌(將它設為第 0 級停止記錄 TLS,而第 2 級對偵錯或許會有幫助)。smtpd_tls_session_cache 設定把 TLS 的工作階段金鑰暫存 1 小時,這個建議是出於重複地為每次連線協商 TLS 工作階段金鑰的代價相對昂貴。
最後那個設定,smtpd_tls_auth_only = yes,強迫 SASL 驗證採用 TLS 並禁止純文字驗證發生,除非已經建立了一個 TLS 工作階段。(在測試時註釋掉 smtpd_tls_auth_only = yes 也許會有用,好讓我們能測試 SSL/TLS 能否運作,但當 SSL/TLS 失效時仍有純文字 SASL 驗證作為後備)。
=============================
test
#telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.weithenn.org
Escape character is '^]'.
220 mail.weithenn.org ESMTP Postfix
ehlo localhost //測試 TLS (此行為自行輸入)
250-mail.weithenn.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS //主機顯示 TLS 功能成功
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls //查詢 TLS 功能是否啟動成功 (此行為自行輸入)
220 2.0.0 Ready to start TLS //系統回應 TLS 啟動成功
quit //離開 (此行為自行輸入)
quit //離開 (此行為自行輸入)
Connection closed by foreign host.
2017年12月29日 星期五
ubuntu 14 install KVM
ubuntu install
安裝監控工具
apt-get install ssh
apt-get install vim
安裝RRD-tools
sudo apt-get install rrdtool
sudo apt-get install librrds-perl
安裝Webmin
sudo vim /etc/apt/sources.list
deb http://download.webmin.com/download/repository sarge contrib
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get update
sudo apt-get install webmin
###
Webmin install complete. You can now login to
https://your_server_ip:10000 as root with your
root password, or as any user who can use `sudo`.
###
安裝硬碟監控套件
下載套件
https://sourceforge.net/projects/webminstats/files/Sysstats/
進入webmin>Webmin Configuration>modules >From uploaded files/Sysstats/
左邊欄位的System內會出現Historic System Statistics
###
安裝KVM
#確認CPU支援虛擬化
sudo apt-get install cpu-checker
$ kvm-ok
#INFO: /dev/kvm exists
#KVM acceleration can be used
#===
sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils virt-manager
#查看group是否建立
egrep libvirtd /etc/group
#登出登入或reboot
sync;sync;shutdwon -r
#===
安裝完成
image位置
安裝監控工具
apt-get install ssh
apt-get install vim
安裝RRD-tools
sudo apt-get install rrdtool
sudo apt-get install librrds-perl
安裝Webmin
sudo vim /etc/apt/sources.list
deb http://download.webmin.com/download/repository sarge contrib
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get update
sudo apt-get install webmin
###
Webmin install complete. You can now login to
https://your_server_ip:10000 as root with your
root password, or as any user who can use `sudo`.
###
安裝硬碟監控套件
下載套件
https://sourceforge.net/projects/webminstats/files/Sysstats/
進入webmin>Webmin Configuration>modules >From uploaded files/Sysstats/
左邊欄位的System內會出現Historic System Statistics
###
安裝KVM
#確認CPU支援虛擬化
sudo apt-get install cpu-checker
$ kvm-ok
#INFO: /dev/kvm exists
#KVM acceleration can be used
#===
sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils virt-manager
#查看group是否建立
egrep libvirtd /etc/group
#登出登入或reboot
sync;sync;shutdwon -r
#===
安裝完成
image位置
2017年3月22日 星期三
Mysql 5.7.16 replication
#打#號之註解為原先已經有設定故註記起來。
[Master]
vim /etc/my.cnf
#======
[mysqld]
bind-address=10.10.0.1
server-id=1
binlog-ignore-db = "mysql"
binlog-format = mixed
log-bin=mysql-bin
#datadir=/var/lib/mysql
#innodb_flush_log_at_trx_commit=1
sync_binlog=1
#====
systemctl restart mysqld
#====
建立一個用作同步的帳號, 以下會建立帳號 replication, 密碼是 P@ssw0rd, Slave 的 ip 為10.10.0.2
CREATE USER replication@10.10.0.2;
GRANT REPLICATION SLAVE ON *.* TO replication@10.10.0.2 IDENTIFIED BY 'P@ssw0rd';
flush privileges;
SHOW MASTER STATUS;
exit;
#========================
然後要用 mysqldump 匯出資料庫的 .sql 檔, 要放到 Slave 匯入:
mysqldump –skip-lock-tables –all-databases –user=root –password –master-data > masterdatabase.sql
#========================
[Slave]
#=======
[mysqld]
server-id=2
binlog-format=mixed
log_bin=mysql-bin
relay-log=mysql-relay-bin
log-slave-updates=1
read-only=1
#====
systemctl restart mysqld
#====
用 root 登入 MySQL, 建立資料庫
create database database-name;
exit;
#============
設定SLAVE
#===========
MariaDB> CHANGE MASTER TO MASTER_HOST='10.10.0.1',MASTER_USER='replication',MASTER_PASSWORD='P@ssw0rd', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=500;
MariaDB> START SLAVE;
MariaDB> SHOW SLAVE STATUS \G;
現在 Slave 已經可以同步, 要查詢 Slave 的狀態, 可以登入 MySQL 用以下指令檢查:
START SLAVE;
SHOW SLAVE STATUS \G;
=====================
[Master]
vim /etc/my.cnf
#======
[mysqld]
bind-address=10.10.0.1
server-id=1
binlog-ignore-db = "mysql"
binlog-format = mixed
log-bin=mysql-bin
#datadir=/var/lib/mysql
#innodb_flush_log_at_trx_commit=1
sync_binlog=1
#====
systemctl restart mysqld
#====
建立一個用作同步的帳號, 以下會建立帳號 replication, 密碼是 P@ssw0rd, Slave 的 ip 為10.10.0.2
CREATE USER replication@10.10.0.2;
GRANT REPLICATION SLAVE ON *.* TO replication@10.10.0.2 IDENTIFIED BY 'P@ssw0rd';
flush privileges;
SHOW MASTER STATUS;
exit;
#========================
然後要用 mysqldump 匯出資料庫的 .sql 檔, 要放到 Slave 匯入:
mysqldump –skip-lock-tables –all-databases –user=root –password –master-data > masterdatabase.sql
#========================
[Slave]
#=======
[mysqld]
server-id=2
binlog-format=mixed
log_bin=mysql-bin
relay-log=mysql-relay-bin
log-slave-updates=1
read-only=1
#====
systemctl restart mysqld
#====
用 root 登入 MySQL, 建立資料庫
create database database-name;
exit;
#============
設定SLAVE
#===========
MariaDB> CHANGE MASTER TO MASTER_HOST='10.10.0.1',MASTER_USER='replication',MASTER_PASSWORD='P@ssw0rd', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=500;
MariaDB> START SLAVE;
MariaDB> SHOW SLAVE STATUS \G;
現在 Slave 已經可以同步, 要查詢 Slave 的狀態, 可以登入 MySQL 用以下指令檢查:
START SLAVE;
SHOW SLAVE STATUS \G;
=====================
Cent OS 7 Cacti 1.1.0 Install + Mysql 5.7.17 Install
20180601補更,後來改使用LibreNMS更方便,cacti掰掰
===
2017 03月 cacti竟然從0.8.8h 一躍為 1.0.0
於是花了些時間嘗試安裝,在卡了一堆bug與套件設定架設完成後,
上網看完討論決定放棄深究,果不其然,如今相差近三個星期已經推行到了1.1.0
才重拾心情再次安裝一次,果然順多了XDD
就把安裝畫面與過程做個筆記。
安裝環境為CentOS 7
在安裝Cacti之前先來處理個前置作業:DB安裝與設定
1.0之前的版本對於DB並無特定的要求
而至1.0之後則是有Mysql >5.6 MariaDB>10.0+
故直接先去Mysql抓取目前最新版本回來安裝
當然,相對指令也有所不同
#Mysql 安裝步驟
setenforce 0
yum info mariadb-libs.x86_64
#預設安裝之mariadb套件
yum remove mariadb-libs.x86_64
yum remove mariadb*
將mysql-5.7.17-1.el7.x86_64.rpm-bundle.tar解壓縮後安裝丟置/tmp目錄安裝以下套件
須注意順序,不然會安裝失敗
yum localinstall mysql-community-common-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-libs-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-libs-compat-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-devel-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-client-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-server-5.7.17-1.el7.x86_64.rpm
systemctl start mysqld
#擷取資料庫初始化之預設root密碼
cat /var/log/mysqld.log |grep password
會出現類似下列訊息
#2017-03-22T02:20:07.946593Z 1 [Note] A temporary password is generated for root@localhost: VC<ugKe.p7OL
將預設root密碼敲入並更改root密碼
mysql -u root -p
#更換root 密碼
ALTER USER 'root'@'localhost' IDENTIFIED BY 'root_P@ssw0rd';
FLUSH PRIVILEGES;
===============
至此Mysql安裝設定暫時完成
===============
Cacti 前置作業:
預設安裝套件如下:
yum -y install httpd*
yum -y install php php-gd php-mbstring php-mysql php-ldap php-posix php-snmp
yum -y install net-snmp*
yum -y install rrdtool*
yum -y install freetype-devel libpng-devel libart_lgpl-devel
yum -y install openssl*
yum -y install gcc
========
設定PHP Timezone
vi /etc/php.ini
timezone=Asia/Taipei
========
安裝 Cacit 1.1.0
#Install Cacit 1.1.0
cd /tmp/
wget http://www.cacti.net/downloads/cacti-1.1.0.tar.gz
tar -xzvf cacti-1.1.0.tar.gz
mv cacti-1.1.0 cacti
cp -R cacti /var/www/html
chmod 777 /var/www/html/cacti/log
chmod 777 /var/www/html/cacti/rra
chmod -R 777 /var/www/html/cacti/cache/
chmod 755 /var/www/html/cacti/poller.php
#安裝設定網頁後需改回755
chmod -R 777 /var/www/html/cacti/resource/
chmod -R 777 /var/www/html/cacti/scripts
chmod -R 755 /var/www/html/cacti/resource/
chmod -R 755 /var/www/html/cacti/scripts
#將欄位設定匯入mysql
如果都安裝在同一台則
cd /var/www/html/cacti/
mysql -u root -p -A cacti < cacti.sql
cd /var/www/cacti/pluging/syslog/
mysql -u root -p -A syslog < syslog.sql
#設定Mysql timezone
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
#設定/etc/my.cnf
vim /etc/my.cnf
===========
#Mysql 5.7.17 for Cacti 1.1.0
[mysqld]
innodb_buffer_pool_size = 512M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
init-connect='SET NAMES utf8'
lower_case_table_names=0
max_heap_table_size=90M
max_allowed_packet=167M
tmp_table_size = 64M
join_buffer_size =128M
sort_buffer_size = 4M
read_rnd_buffer_size = 4M
innodb_doublewrite = OFF
innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads = 16
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
===========
重啟Mysqld
systemctl restart mysqld
===========
設定Cacti DB設定
vim /var/www/html/cacti/include/config.php
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost"; //也可填寫ip如"192.168.1.99"
$database_username = "cactiuser";
$database_password = "cactiP@ssw0rd";
$database_port = "3306";
$database_ssl = false;
===========
6. crontab 排成設定
crontab –e
*/5 * * * * /usr/bin/php /var/www/html/cacti/poller.php >/dev/null 2>&1
===========
防火牆開啟
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --permanent --zone=public --add-port=161/udp
sudo firewall-cmd --permanent --zone=public --add-port=162/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
至此Cacti http端設定完畢
應該會顯示以下畫面
如果沒有就對照所缺之套件來安裝
理論上到這邊就沒甚麼問題了
另外安裝 spine增進cacti 效能的套件(可裝可不裝)
cacti spine
==============
https://www.urban-software.com/cacti-howtos/cacti/install-cacti-spine-poller/
cacti spine install
===================
yum install dos2unix
yum install autoconf
yum install automake
yum install libtool
yum -y install help2man
cd /tmp
wget http://www.cacti.net/downloads/spine/cacti-spine-1.0.0.tar.gz
tar -xzvf cacti-spine-1.0.0.tar.gz
cd cacti-spine-1.0.0
./bootstrap
./configure --prefix=/usr/local/spine
make
make install
chown root:root /usr/local/spine/bin/spine
chmod +s /usr/local/spine/bin/spine
#設定spine
cp /usr/local/spine/etc/spine.conf.dist /usr/local/spine/etc/spine.conf
vi /usr/local/spine/etc/spine.conf
====
DB_Host localhost
DB_Database cacti
DB_User cactiuser
DB_Pass cactiP@ssw0rd
DB_Port 3306
DB_PreG 0
====
Client SNMP設定
vim /etc/snmp/snmpd.conf
==========
#com2sec notConfigUser default public
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
新增下列設定
com2sec local localhost public
com2sec mynetwork 192.168.1.0/24 public
group notConfigGroup v1 local
group notConfigGroup v2c local
group notConfigGroup v1 mynetwork
group notConfigGroup v2c mynetwork
view all included .1 80
view systemview included .1.3.6.1.2.1.2
access notConfigGroup "" any noauth prefix all none none
access notConfigGroup "" any noauth prefix all all all
===========
systemctl restart snmpd.service
===========
Try it!
===
2017 03月 cacti竟然從0.8.8h 一躍為 1.0.0
於是花了些時間嘗試安裝,在卡了一堆bug與套件設定架設完成後,
上網看完討論決定放棄深究,果不其然,如今相差近三個星期已經推行到了1.1.0
才重拾心情再次安裝一次,果然順多了XDD
就把安裝畫面與過程做個筆記。
安裝環境為CentOS 7
在安裝Cacti之前先來處理個前置作業:DB安裝與設定
1.0之前的版本對於DB並無特定的要求
而至1.0之後則是有Mysql >5.6 MariaDB>10.0+
故直接先去Mysql抓取目前最新版本回來安裝
當然,相對指令也有所不同
#Mysql 安裝步驟
setenforce 0
yum info mariadb-libs.x86_64
#預設安裝之mariadb套件
yum remove mariadb-libs.x86_64
yum remove mariadb*
將mysql-5.7.17-1.el7.x86_64.rpm-bundle.tar解壓縮後安裝丟置/tmp目錄安裝以下套件
須注意順序,不然會安裝失敗
yum localinstall mysql-community-common-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-libs-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-libs-compat-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-devel-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-client-5.7.17-1.el7.x86_64.rpm
yum localinstall mysql-community-server-5.7.17-1.el7.x86_64.rpm
systemctl start mysqld
#擷取資料庫初始化之預設root密碼
cat /var/log/mysqld.log |grep password
會出現類似下列訊息
#2017-03-22T02:20:07.946593Z 1 [Note] A temporary password is generated for root@localhost: VC<ugKe.p7OL
將預設root密碼敲入並更改root密碼
mysql -u root -p
#更換root 密碼
ALTER USER 'root'@'localhost' IDENTIFIED BY 'root_P@ssw0rd';
FLUSH PRIVILEGES;
===============
至此Mysql安裝設定暫時完成
===============
Cacti 前置作業:
預設安裝套件如下:
yum -y install httpd*
yum -y install php php-gd php-mbstring php-mysql php-ldap php-posix php-snmp
yum -y install net-snmp*
yum -y install rrdtool*
yum -y install freetype-devel libpng-devel libart_lgpl-devel
yum -y install openssl*
yum -y install gcc
========
設定PHP Timezone
vi /etc/php.ini
timezone=Asia/Taipei
========
安裝 Cacit 1.1.0
#Install Cacit 1.1.0
cd /tmp/
wget http://www.cacti.net/downloads/cacti-1.1.0.tar.gz
tar -xzvf cacti-1.1.0.tar.gz
mv cacti-1.1.0 cacti
cp -R cacti /var/www/html
chmod 777 /var/www/html/cacti/log
chmod 777 /var/www/html/cacti/rra
chmod -R 777 /var/www/html/cacti/cache/
chmod 755 /var/www/html/cacti/poller.php
#安裝設定網頁後需改回755
chmod -R 777 /var/www/html/cacti/resource/
chmod -R 777 /var/www/html/cacti/scripts
chmod -R 755 /var/www/html/cacti/resource/
chmod -R 755 /var/www/html/cacti/scripts
=========
重啟 apache(怕沒重啟帶入設定)
systemctl restart httpd
=========
設定cacti 與DB
#建立資料庫
mysql -u root -p
create database cacti ;
create database syslog ;
//GRANT cacti 資料庫權限給Cacti 資料庫使用者,密碼為cacti
//GRANT ALL ON '資料庫'.* TO '帳號'@'IP/hostname' IDENTIFIED BY '密碼';
//@後之IP或是HOSTNAME為限定其主機與IP可連結,留空白則為都開放。
SET GLOBAL validate_password_policy='LOW';
grant all on cacti.* to 'cactiuser'@'localhost' identified by "cactiP@ssw0rd";
grant all on syslog.* to 'cactiuser'@'localhost' identified by "cactiP@ssw0rd";
grant SELECT on mysql.* to 'cactiuser'@'localhost' identified by "cactiP@ssw0rd";
flush privileges;
#將欄位設定匯入mysql
如果都安裝在同一台則
cd /var/www/html/cacti/
mysql -u root -p -A cacti < cacti.sql
cd /var/www/cacti/pluging/syslog/
mysql -u root -p -A syslog < syslog.sql
#設定Mysql timezone
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
#設定/etc/my.cnf
vim /etc/my.cnf
===========
#Mysql 5.7.17 for Cacti 1.1.0
[mysqld]
innodb_buffer_pool_size = 512M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
init-connect='SET NAMES utf8'
lower_case_table_names=0
max_heap_table_size=90M
max_allowed_packet=167M
tmp_table_size = 64M
join_buffer_size =128M
sort_buffer_size = 4M
read_rnd_buffer_size = 4M
innodb_doublewrite = OFF
innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads = 16
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
===========
重啟Mysqld
systemctl restart mysqld
===========
設定Cacti DB設定
vim /var/www/html/cacti/include/config.php
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost"; //也可填寫ip如"192.168.1.99"
$database_username = "cactiuser";
$database_password = "cactiP@ssw0rd";
$database_port = "3306";
$database_ssl = false;
===========
6. crontab 排成設定
crontab –e
*/5 * * * * /usr/bin/php /var/www/html/cacti/poller.php >/dev/null 2>&1
===========
防火牆開啟
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --permanent --zone=public --add-port=161/udp
sudo firewall-cmd --permanent --zone=public --add-port=162/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
至此Cacti http端設定完畢
應該會顯示以下畫面
如果沒有就對照所缺之套件來安裝
理論上到這邊就沒甚麼問題了
另外安裝 spine增進cacti 效能的套件(可裝可不裝)
cacti spine
==============
https://www.urban-software.com/cacti-howtos/cacti/install-cacti-spine-poller/
cacti spine install
===================
yum install dos2unix
yum install autoconf
yum install automake
yum install libtool
yum -y install help2man
cd /tmp
wget http://www.cacti.net/downloads/spine/cacti-spine-1.0.0.tar.gz
tar -xzvf cacti-spine-1.0.0.tar.gz
cd cacti-spine-1.0.0
./bootstrap
./configure --prefix=/usr/local/spine
make
make install
chown root:root /usr/local/spine/bin/spine
chmod +s /usr/local/spine/bin/spine
#設定spine
cp /usr/local/spine/etc/spine.conf.dist /usr/local/spine/etc/spine.conf
vi /usr/local/spine/etc/spine.conf
====
DB_Host localhost
DB_Database cacti
DB_User cactiuser
DB_Pass cactiP@ssw0rd
DB_Port 3306
DB_PreG 0
====
Client SNMP設定
vim /etc/snmp/snmpd.conf
==========
#com2sec notConfigUser default public
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
新增下列設定
com2sec local localhost public
com2sec mynetwork 192.168.1.0/24 public
group notConfigGroup v1 local
group notConfigGroup v2c local
group notConfigGroup v1 mynetwork
group notConfigGroup v2c mynetwork
view all included .1 80
view systemview included .1.3.6.1.2.1.2
access notConfigGroup "" any noauth prefix all none none
access notConfigGroup "" any noauth prefix all all all
===========
systemctl restart snmpd.service
===========
Try it!
訂閱:
文章 (Atom)