环境: CentOS-6.8-x8664-minimal cacti-0.8.8h.tar.gz cacti系统安全性存在一定的问题,强烈建议部署在内网环境中!
先更新系统
yum -y install wget vim-enhanced
mkdir /etc/yum.repos.d/backup
mv /etc/yum.repos.d/{.repo,backup}
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.163.com/.help/CentOS6-Base-163.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum clean all
yum makecache
yum -y update
1.安装LAMP
安装MySQL
yum install -y mysql-server mysql-client mysql-devel
安装httpd服务
yum -y install httpd
安装php服务
yum -y install php php-mysql
检查以上软件是否安装成功(应该是10个)
rpm -qa |egrep 'php|httpd|mysql'
mysql-5.1.73-7.el6.x8664
php-common-5.3.3-48.el68.x8664
php-pdo-5.3.3-48.el68.x8664
php-5.3.3-48.el68.x8664
mysql-libs-5.1.73-7.el6.x8664
mysql-server-5.1.73-7.el6.x8664
httpd-tools-2.2.15-54.el6.centos.x8664
httpd-2.2.15-54.el6.centos.x8664
php-cli-5.3.3-48.el68.x8664
php-mysql-5.3.3-48.el68.x8664
安装需要的库文件
yum -y install zlib freetype libjpeg fontconfig gd libxml2 zlib freetype libjpeg fontconfig gd libxml2 php-gd gcc net-snmp-devel mysql-devel dos2unix autoconf
2.安装rrd工具
yum -y install rrdtool rrdtool-devel
3.安装并配置监控需要的snmp工具
yum -y install net-snmp net-snmp-devel net-snmp-utils
配置snmp(监控本机,可作为安装后的出图验证)
vim /etc/snmp/snmpd.conf
将com2sec notConfigUser default public
改为:com2sec notConfigUser 127.0.0.1 public
将access notConfigGroup "" any noauth exact systemview none none
改为:access notConfigGroup "" any noauth exact all none none
将view all included .1 80 去掉注释符
4.启动服务并加如开机启动
service httpd start
service mysqld start
service snmpd start
chkconfig httpd on
chkconfig mysqld on
chkconfig snmpd on
5.安装cacti
wget https://www.cacti.net/downloads/cacti-0.8.8h.tar.gz
tar zxf cacti-0.8.8h.tar.gz -C /var/www/html/
cd /var/www/html/
mv cacti-0.8.8h/ /var/www/html/cacti
6.初始化数据库
mysql -u root
create database cacti;
grant all on cacti. to cacti@localhost identified by 'admin@123';
grant all on cacti. to cacti@'127.0.0.1' identified by 'admin@123';
flush privileges;
use cacti;
source /var/www/html/cacti/cacti.sql;
quit
7.设置php.ini的时区(否则不出图)
vim /etc/php.ini
date.timezone = Asia/Shanghai
8.配置cacti
vim /var/www/html/cacti/include/config.php
$databasetype = "mysql";
$databasedefault = "cacti";
$databasehostname = "localhost";
$databaseusername = "cacti";
$databasepassword = "admin@123";
$databaseport = "3306";
9.设置相关权限和计划任务.
useradd cacti -d /var/www/html/cacti -s /sbin/nologin
chown -R cacti /var/www/html/cacti/rra /var/www/html/cacti/log
echo '/5 root /usr/bin/php /var/www/html/cacti/poller.php > /dev/null 2>&1' >> /etc/crontab
10.安装spine轮询插件 下载-->解压-->进入目录-->安装
wget https://www.cacti.net/downloads/spine/cacti-spine-0.8.8h.tar.gz
tar zxcf cacti-spine-0.8.8h.tar.gz
cd cacti-spine-0.8.8h.tar.gz
./configure
make&&make install
cp /usr/local/spine/etc/spine.conf.dist /etc/spine.conf
spine -v
vim /etc/spine.conf
DBHost localhost
DBDatabase cacti
DBUser cacti
DBPass admin@123
DBPort 3306
测试
/usr/local/spine/bin/spine
接下来配置cacti图形工具(默认安装在/usr/local/spine/sbin/spine,已链接到/sbin/spine中):
Console -> Configureation -> Settings -> Alternate Poller Path -> Spine Poller File Path
Console -> Cacti Settings -> Poller -> Poller Type
然后修改计划任务,由原来的5分钟执行一次,修改为每分钟执行一次
/5 php /opt/cacti/cacti/poller.php > /dev/null 2>&1
改为
/1 php /opt/cacti/cacti/poller.php > /dev/null 2>&1
11.重启全部服务
service httpd restart
service mysqld restart
service snmpd restart
13.完成安装 http://localhost/cacti 用户名为admin,密码默认为admin,密码首次登录要求修改。
排障
1、不出图:
/var/www/html/cacti
目录赋权777,等5分钟轮询。
2、还不出图:
mysql
use cacti;
select count(*) from polleroutput;
truncate table polleroutput;
select count(*) from polleroutput;
最后重建缓存。 3、改中文支持 --将rrdtool版本号改为1.2.x; --将字体文件MSYH.ttf复制进/usr/share/fonts/下,并授权777; --cacti页面中,将default font path改为/usr/share/fonts/MSYH.ttf; --修改vim /var/www/html/cacti/lib/functions.php,倒数第2行添加: setlocale(LCCTYPE,"zhCN.UTF-8"); --重启httpd服务。
附:
比如说cacti平台要求更改默认端口号(例改为10010),且做白名单限制(例只允许IP地址123.123.123.123登录),相关设置如下
1、改端口号
vim /etc/httpd/conf/httpd.conf
在第137行下修改Listen:80为Listen:10010,保存退出。
2、防火墙放行10010端口号
vim /etc/sysconfig/iptables
添加防火墙规则
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
重启防火墙服务
service iptables restart
3、做白名单访问限制
vim /etc/httpd/conf/httpd.conf
在第318行下, <Directory "/var/www/html">内添加如下内容并保存退出
Order allow,deny
Allow from 123.123.123.123
重启httpd服务
service httpd restart
