Skip to content

Linux Installation

Linegod edited this page Jan 31, 2017 · 8 revisions

Configure PHP

There are numerous ways to package php. The main configuration is done in the so called ini file, e.g. ///etc/php.ini//. The following hints are meant as a guideline. Your distro's setup may vary.

Safe Mode

Cacti uses external commands, e.g. rrdtool. Thus it is required to have

; Safe Mode ; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode safe_mode = Off

Date and Time

Since PHP Version 5.3, it is advised to define a http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone to avoid warnings on time/date functions. Use e.g.

; Defines the default timezone used by the date functions ; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone date.timezone = "Europe/Berlin"

Enable Template Import

If you want to allow import of templates, uncomment the following line:

file_uploads = On

Enable exec() Calls

Cacti uses e.g. the //exec()// call, so please make sure to have

safe_mode = Off

Configure PHP Extensions

Cacti uses the following php extensions

  • mysql
  • session
  • sockets
  • xml
  • pcre It is recommended to use
  • snmp as well. As a replacement for php-snmp, you may use net-snmp support (sometimes called net-snmp-utils)

Plugins may use additional PHP modules like

  • gd (e.g. used by reportit)
  • dom (e.g. used by cli scripts, available with PHP version 5 only)

Using newer php versions, you may find a hint like ;;;; ; Note: packaged extension modules are now loaded via the .ini files ; found in the directory /etc/php.d; these are loaded by default. ;;;; In this case, there's nothing special to do but to verify, that the relevant .ini files are available in that very directory to reflect PHP support for those modules.

For older versions of PHP, youu may have to edit the php.ini file and add:

extension_dir = /etc/php.d

This will enable PHP to find more configuration directives in that very directory. The /path/to/extension_dir may vary for different linux distros; e.g. extension_dir=/usr/lib/php/modules

Activate the MySQL extension via <extension_dir>/mysql.ini

; Enable mysql extension module extension=mysql.so

Activate the SNMP extension via <extension_dir>/snmp.ini

; Enable snmp extension module extension=snmp.so

If using PHP 4.3.5 or less include the following line. If using 4.3.6 or greater, you should remove this line if present.

session.save_path=/tmp

Configure the Webserver (Apache)

If you are using Apache 1.3.x, installation of PHP 5 is not recommended.

Please find the file "/etc/httpd/conf/httpd.conf" or equivalent and make sure it includes:

# Load config files from the config directory "/etc/httpd/conf.d". Include conf.d/*.conf

Now, please locate the PHP configuration file at "/etc/httpd/conf.d/php.conf"

If using PHP 5, then make sure to have the following lines.

# PHP is an HTML-embedded scripting language which attempts to make it # easy for developers to write dynamically generated webpages. LoadModule php5_module modules/libphp5.so # # Cause the PHP interpreter to handle files with a .php extension. AddHandler php5-script .php AddType text/html .php # # Add index.php to the list of files that will be served as directory # indexes. DirectoryIndex index.php

In case you do not install Cacti to the default web directory, put the following as cacti.conf into /etc/httpd/conf.d. Change /your/cacti/dir to your cacti directory name. Change the Allow from 127.0.0.1 directive to whatever you need (e.g. the subnets in your company). Follow the hints given in the comments, especially when using SELinux! `# Cacti - the complete rrdtool-based graphing solution

Allows only localhost by default

Allowing cacti to anyone other than localhost should be considered

dangerous unless properly secured by SSL

Make sure, that httpd can read your cacti directories.

At minimum, you need

chmod ugo+r -R /your/cacti/dir

Make sure to replace with your directories

When using SELinux, set the following:

chcon -R -h -t httpd_sys_content_t /your/cacti/dir

when using SELinux and you private homedir, enable

setsebool -P httpd_enable_homedirs 1

setsebool -P httpd_read_user_content 1

Alias /cacti /your/cacti/dir <Directory /your/cacti/dir> AllowOverride None Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from ::1 Options Indexes Includes FollowSymLinks

These directories do not require access over HTTP

<Directory /your/cacti/dir/cli> Order Deny,Allow Deny from All Allow from None `

Make sure that the //httpd// web service is started as given by 1_installation.1_install_unix.5a_start_system_services.

Configure MySQL

Please make sure that the //mysqld// database service is started as given by 1_installation.1_install_unix.5a_start_system_services.

By default, the mysql root password is not set. For security reasons, it is required to set a password for the MySQL root user shell> mysqladmin --user=root password somepassword shell> mysqladmin --user=root --password reload Consult MySQL Documentation for details.

Setting Up SNMP

This HowTo will explain how to install and configure the Net-SNMP agent. At time of writing, the latest version available is 5.4 (published on 12/06/2006).

Getting Net-SNMP binaries

Depending on your operating system, you'll find packages or tarballs to install Net-SNMP :

Building the Net-SNMP agent from source

If you can't find binaries for your architecture, you can build the Net-SNMP agent from http://prdownloads.sourceforge.net/net-snmp/net-snmp-5.3.1.tar.gz?download.

Here's how to get the configure options of an already running Net-SNMP agent: $ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.100.6.0 UCD-SNMP-MIB::versionConfigureOptions.0 = STRING: "'-disable-shared' '--with-mib-modules=host/hr_system'"

Configuring the Net-SNMP agent

Depending on how you've installed Net-SNMP, the main configuration file (snmpd.conf) is located in /etc/snmp (installation from package) or /usr/local/share/snmp (installation from tarball).

Please note that you need to restart (or send the HUP signal) the snmpd daemon whenever you modify snmpd.conf

The minimum configuration is this one:rocommunity public

This will enable SNMP version 1/2 read-only requests from any host, with the community name public.\ With this minimal configuration, you'll be able to graph CPU usage, load average, network interfaces, memory/swap usage, logged in users and number of processes.

You can restrict from which hosts SNMP queries are allowed:rocommunity public 127.0.0.1 rocommunity test 87.65.43.21

By default Net-SNMP listens on UDP port 161 on all IPv4 interfaces.\ With the following example, Net-SNMP will listen on UDP port 10000 on 10.20.30.40 IP address:agentaddress 10.20.30.40:10000

You can also make it listens on TCP, which is supported by Cacti agentaddress tcp:161

The "tcp" keyword can then be used in Cacti :

{{:manual:088:listenstcpjt0.preview.png?640x113|listenstcpjt0}}

For those who want some more security, you can use the SNMP version 3 protocol, with MD5 or SHA hashing:createUser frederic MD5 mypassphrase DES group groupv3 usm frederic view all included .iso 80 access groupv3 "" any auth exact all all all

This creates a user "frederic" whose password is "mypassphrase". To test it:# snmpget -v 3 -l AuthNoPriv -u frederic -A mypassphrase 10.50.80.45 sysName.0 SNMPv2-MIB::sysName.0 = STRING: cyclopes

In Cacti, add your device, choose SNMP version 3, and fill the username and password fields:\ {{:manual:088:snmpv3gr1.preview.png?640x262|snmpv3gr1}}

Now that you're done with access control, add these 2 lines in snmpd.conf to indicate the location and contact name of your device:syslocation Bat. C2 syscontact [email protected]

They will then appear in Cacti management interface :

{{:manual:088:syslocationhb2.png?495x115|syslocationhb2}}

Some OIDs return a unit, eg "-153.1 dBm".\ It's a safe idea to turn this off, by adding this to snmpd.conf:dontPrintUnits true

Next step is to graph filesystems in Cacti; the easyest way is to add this line in snmpd.conf:includeAllDisks

When you'll run the "ucd/net - Get Monitored Partitions" Data Query, all the mounted filesystems will show up:

{{:manual:088:disktableuk6.preview.png?640x57|disktableuk6}}

If you want a filesystem not to be listed here, add this line to snmpd.conf:ignoredisk /dev/rdsk/c0t2d0

Unfortunatly, some older versions of Net-SNMP do not fully work with the includeAllDisks keyword :-?\ You'll then have to list explicitly all filesystems you want to graph:disk / disk /usr disk /var disk /oracle

You can also specify NFS mount points.

Please note that the Net-SNMP agent can only report filesystems which where mounted before its start.\ If you manually mount filesystems later, you'll have to reload the Net-SNMP agent (send the HUP signal).

You can also graph processes, by adding this to snmpd.conf:proc httpd

The result will be accessible under the ucdavis.prTable.prEntry tree:

  • prCount, number of current processes running with the name in question
  • prNames, the process name you're counting.

In our example, the number of Apache processes will be available under the .1.3.6.1.4.1.2021.2.1.5 OID Some useful mib modules are:

  • mibII/mta_sendmail, to graph MTA (Sendmail, Postfix, etc.) statistics
  • diskio, to enable to graph I/O statistics
  • ucd-snmp/lmSensors, for hardware monitoring (Linux and Solaris only)

Mib modules can be added like this:$ ./configure --with-mib-modules="module1 module2"

To compile Net-SNMP and build a compressed archive, follow these steps:$ ./configure --with-your-options $ make

mkdir /usr/local/dist

make install prefix=/usr/local/dist/usr/local exec_prefix=/usr/local/dist/usr/local

cd /usr/local/dist

tar cvf /tmp/net-snmp-5.3.1-dist.tar usr

gzip /tmp/net-snmp-5.3.1-dist.tar

rm -rf /usr/local/dist

You can then copy the /tmp/net-snmp-5.3.1-dist.tar.gz file to other servers, and uncompress it from the root directory (everything will get extracted to /usr/local).

Test your configuration

Once Net-SNMP is configured and started, here's how to test it:$ snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.1.1.0 SNMPv2-MIB::sysDescr.0 = STRING: Linux cronos 2.4.28 #2 SMP ven jan 14 14:12:01 CET 2005 i686 This basic query shows that your Net-SNMP agent is reachable.

You can even query which Net-SNMP version is running on a host:$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.100.2.0 UCD-SNMP-MIB::versionTag.0 = STRING: 5.2.1.2

An answer like that one$ snmpwalk -v 1 -c foo localhost .1.3.6.1.2.1.1.1.0 Timeout: No Response from localhostindicates that either the agent is not started, or that the community string is incorrect, or that this device is unreachable. Check your community string, add firewall rules if necessary, etc.

If using SNMP version 3, specifying an unknown user will result in this error message :$ snmpget -v 3 -l AuthNoPriv -u john -A mypassphrase 10.50.80.45 sysName.0 snmpget: Unknown user nameAn incorrect passphrase will result in this error message : $ snmpget -v 3 -l AuthNoPriv -u frederic -A badpassphrase 10.50.80.45 sysName.0 snmpget: Authentication failure (incorrect password, community or key)

This query will show you what filesystems are mounted:$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9.1.2 UCD-SNMP-MIB::dskPath.1 = STRING: / UCD-SNMP-MIB::dskPath.2 = STRING: /BB UCD-SNMP-MIB::dskPath.3 = STRING: /dev/shm If the answer is empty, usually it means the //includeAllDisks// is not supported by your Net-SNMP agent (you'll have to list each filesystem you want to graph as explained in previous chapter).

Finally, this query will you display your network interfaces:$ snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.2.2.1.2 IF-MIB::ifDescr.1 = STRING: lo IF-MIB::ifDescr.2 = STRING: eth0 IF-MIB::ifDescr.3 = STRING: eth1

Extending the SNMP Agent

A great functionnality of Net-SNMP is that you can "extend" it.

Let's run the /tmp/foo.sh script:$ /tmp/foo.sh -arg1 123Now put this in snmpd.conf:exec foo /bin/sh /tmp/foo.sh -arg1 The result of your script will be accessible under the //ucdavis.extTable.extEntry// tree:

  • output of the script : //ucdavis.extTable.extEntry.extOutput//
  • exit status: //ucdavis.extTable.extEntry.extResult//
  • command: //ucdavis.extTable.extEntry.extCommand//

You can check the result with this SNMP query:$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8.1 UCD-SNMP-MIB::extIndex.1 = INTEGER: 1 UCD-SNMP-MIB::extNames.1 = STRING: foo UCD-SNMP-MIB::extCommand.1 = STRING: /bin/sh /tmp/foo.sh -arg1 UCD-SNMP-MIB::extResult.1 = INTEGER: 0 UCD-SNMP-MIB::extOutput.1 = STRING: 123 UCD-SNMP-MIB::extErrFix.1 = INTEGER: 0 UCD-SNMP-MIB::extErrFixCmd.1 = STRING: //extOutput// translates to .1.3.6.1.4.1.2021.8.1.101 As "foo" is our first //exec// directive, add .1 at the end of the OID.

In Cacti, use the "SNMP - Generic OID Template" like this:

{{:manual:088:footh8.preview.png?640x234|footh8}}

Voila! Result of the /tmp/foo.sh script is now graphed in Cacti.

Now let's run this second script, which returns more than one result:$ /tmp/bar.sh 456 789It returns two values, one per line (this is important).

Another way to call scripts from snmpd.conf is by specifying an OID, like this:exec .1.3.6.1.4.1.2021.555 /bin/sh /tmp/bar.sh Run this query:$ snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.555 UCD-SNMP-MIB::ucdavis.555.1.1 = INTEGER: 1 UCD-SNMP-MIB::ucdavis.555.2.1 = STRING: "/bin/sh" UCD-SNMP-MIB::ucdavis.555.3.1 = STRING: "/tmp/bar.sh" UCD-SNMP-MIB::ucdavis.555.100.1 = INTEGER: 0 UCD-SNMP-MIB::ucdavis.555.101.1 = STRING: "456" UCD-SNMP-MIB::ucdavis.555.101.2 = STRING: "789" UCD-SNMP-MIB::ucdavis.555.102.1 = INTEGER: 0 UCD-SNMP-MIB::ucdavis.555.103.1 = "" First line returned by the script will be available at .1.3.6.1.4.1.2021.555**.101.1**, second one at .1.3.6.1.4.1.2021.555**.101.2**, and so on.

You can then use the "SNMP - Generic OID Template" in Cacti (one Data Source per OID).

Let's say you want to count the number of entries in a log file. Add this to snmpd.conf:logmatch cactistats /home/cactiuser/cacti/log/cacti.log 120 SYSTEM STATS

  • the global count of matches will be available under the .1.3.6.1.4.1.2021.16.2.1.5.1 OID
  • the "Regex match counter" (which is reset with each file rotation) will be available under the .1.3.6.1.4.1.2021.16.2.1.7.1 OID

To list all the available variables, use this query:$ snmpwalk -v 1 -c public localhost logMatch UCD-SNMP-MIB::logMatchMaxEntries.0 = INTEGER: 50 UCD-SNMP-MIB::logMatchIndex.1 = INTEGER: 1 UCD-SNMP-MIB::logMatchName.1 = STRING: cactistats UCD-SNMP-MIB::logMatchFilename.1 = STRING: /home/cactiuser/cacti/log/cacti.log UCD-SNMP-MIB::logMatchRegEx.1 = STRING: SYSTEM STATS UCD-SNMP-MIB::logMatchGlobalCounter.1 = Counter32: 301634 UCD-SNMP-MIB::logMatchGlobalCount.1 = INTEGER: 301634 UCD-SNMP-MIB::logMatchCurrentCounter.1 = Counter32: 6692 UCD-SNMP-MIB::logMatchCurrentCount.1 = INTEGER: 6692 UCD-SNMP-MIB::logMatchCounter.1 = Counter32: 1 UCD-SNMP-MIB::logMatchCount.1 = INTEGER: 0 UCD-SNMP-MIB::logMatchCycle.1 = INTEGER: 120 UCD-SNMP-MIB::logMatchErrorFlag.1 = INTEGER: 0 UCD-SNMP-MIB::logMatchRegExCompilation.1 = STRING: Success

We'll then use another interesting directive, the "proxy" one. Let's take for example the Squid proxy : when enabled, its SNMP agent listen to UDP 3401 port. If you want to have system graphs and Squid graphs without declaring 2 devices in Cacti, add this in snmpd.conf:proxy -v 1 -c public localhost:3401 .1.3.6.1.4.1.3495.1The Squid SNMP tree will be available under the .1.3.6.1.4.1.3495.1 branch.

Let's query this host:$ snmpwalk -v 1 -c public 10.151.33.3 sysdescr SNMPv2-MIB::sysDescr.0 = STRING: Linux srv1.foo.com 2.6.8.1-12mdk #1 Fri Oct 1 12:53:41 CEST 2004 i686 And here's the Squid part (this specific OID returns the Squid version):$ snmpwalk -v 1 -c public 10.151.33.3 .1.3.6.1.4.1.3495.1.2.3.0 SNMPv2-SMI::enterprises.3495.1.2.3.0 = STRING: "2.5.STABLE6"

Here, you'll find how to http://www.squid-cache.org/Doc/FAQ/FAQ-18.html.

Install and Configure Cacti

  • Extract the distribution tarball. Untar to the DOCUMENT_ROOT of your web server shell> tar xzvf cacti-version.tar.gz
  • Create the MySQL database:shell> mysqladmin --user=root -p create cacti
  • Import the default cacti database:shell> mysql cacti < cacti.sql
  • Optional: Create a MySQL username and password for Cacti.shell> mysql --user=root mysql mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword'; mysql> flush privileges;
  • Edit "include/config.php" and specify the database type, name, host, user and password for your Cacti configuration.$database_type = "mysql"; $database_default = "cacti"; $database_hostname = "localhost"; $database_username = "cactiuser"; $database_password = "cacti";

/* load up old style plugins here */ $plugins = array(); //$plugins[] = 'thold';

/* Edit this to point to the default URL of your Cacti install ex: if your cacti install as at http://serverip/cacti/ this would be set to /cacti/ */ $url_path = "/cacti/";

/* Default session name - Session name must contain alpha characters */ #$cacti_session_name = "Cacti"; The $plugins array is required for using the http://cactiusers.org only. For legacy plugins, those that must be installed in global.php, we have moved the plugins array out of global.php and into config.php. This was done to insure that global.php remains pristine. It is a file that is not intended to be modified, so with the PIA installed, you should not have to.\ The variable "URL_PATH" has also been moved from global.php to config.php for the same reason as the plugins array. For those of you upgrading from very old Plugin Architectures you should know that in the past, we attempted to "detect" this path. However, the process was not reliable. Therefore, you have to specify that path in config.php.

  • Set the appropriate permissions on cacti's directories for graph/log generation. You should execute these commands from inside cacti's directory to change the permissions. shell> chown -R cactiuser rra/ log/(Enter a valid username for cactiuser, this user will also be used in the next step for data gathering.)
  • Add a line to your "/etc/crontab" file similar to((If you are installing from a distro specific package, ensure that a crontab entry has note already been created by the package installatin routine)):*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1Replace cactiuser with the valid user specified in the previous step.Replace "/var/www/html/cacti/" with your full Cacti path.
  • Make sure, that the //crond// cron daemon is running as given by 1_installation.1_install_unix.5a_start_system_services.
  • Point your web browser to: http://your-server/cacti in the with a username/password of admin. You will be required to change this password immediately. Make sure to fill in all of the path variables carefully and correctly on the following screen.

Start System Services

Cacti requires the following system services (daemons) to be started.

  • crond\ starts cacti polling
  • mysqld\ stores all administrative data for cacti
  • httpd\ provides the cacti web interface
  • snmpd (optional)\ on the local server is required to poll its snmp based performance data

You should ensure, that on a system restart, those services are restarted as well. System start procedures are under heavy development these days. We have SysV init scripts, upstart and systemd. So things may change ...

This example assumes that we're dealing with the //httpd// web service. Please apply the same procedure to all services above.

Here's how to start //httpd// as a service. Make sure, that //httpd// is listed as a service by issuing chkconfig --list|grep httpd Activate //httpd// by chkconfig httpd on to find sth like chkconfig --list|grep httpd httpd 0:Off 1:Off 2:On 3:On 4:On 5:On 6:Off Now start the service via service httpd start Verify via service httpd status

(Optional) Install and Configure Spine

Spine is a very fast poller engine, written in C. It is an optional replacement for cmd.php. If you decide to use it, you will have to install it explicitely. It does not come with cacti itself. The easiest way is to install Spine using rpm or ports. You will find packages for Spine at the main cacti site or from your distribution. To compile Spine, please download it to any location of your liking. You will require some packages, for Fedora e.g.

  • net-snmp-devel
  • mysql-devel
  • openssl-devel and the toolchain
  • dos2unix
  • autoconf
  • automake
  • binutils
  • libtool
  • gcc
  • cpp
  • glibc-headers
  • kernel-headers
  • glibc-devel Don't forget to check the official patch download directory and install the patches listed there. To do so, you will require the packages
  • wget
  • patch

To ease the pre-compilation process, a file //bootstrap// is provided. So, please issue from the downloaded directory following commands shell>sh bootstrap shell>./configure shell>make shell>make install "make install" has to be run as root. Assuming, you've managed to install Spine correctly, you will have to configure it. The configuration file may be placed in the same directory as Spine itself or at /etc/Spine.conf. DB_Host 127.0.0.1 or hostname (not localhost) DB_Database cacti DB_User cactiuser DB_Pass cacti DB_Port 3306 All other pre 0.8.6 settings are obsolete. With spine087g, there's a new option to run in compat mode when using Cacti pre-087g. It's called DB_PreG 0 Set it to //0// when using cacti087g. Else, set it to //1//.

Apply Patches

Please visit the Cacti website at http://www.cacti.net/download_patches.php If any patch has been released, you will find installation instructions there.

As an example, please find patch installation instructions for cacti 0.8.6j here. Do not apply those patches to recent releases! wget http://www.cacti.net/downloads/patches/0.8.6j/ping_php_version4_snmpgetnext.patch wget http://www.cacti.net/downloads/patches/0.8.6j/tree_console_missing_hosts.patch wget http://www.cacti.net/downloads/patches/0.8.6j/thumbnail_graphs_not_working.patch wget http://www.cacti.net/downloads/patches/0.8.6j/graph_debug_lockup_fix.patch wget http://www.cacti.net/downloads/patches/0.8.6j/snmpwalk_fix.patch patch -p1 -N < ping_php_version4_snmpgetnext.patch patch -p1 -N < tree_console_missing_hosts.patch patch -p1 -N < thumbnail_graphs_not_working.patch patch -p1 -N < graph_debug_lockup_fix.patch patch -p1 -N < snmpwalk_fix.patch