Rocky Linux への Pandora FMS インストールガイド

前提条件

  • Rocky Linux 8 と root 権限
  • インターネット接続

リポジトリ設定

dnf install -y \
  epel-release \
  tar \
  dnf-utils \
  http://rpms.remirepo.net/enterprise/remi-release-8.rpm

dnf module reset php

dnf module install -y php:remi-8.0

dnf config-manager --set-enabled powertools

Percona データベースインストール

dnf install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm

dnf module disable -y mysql

rm -rf /etc/my.cnf

percona-release setup ps80 -y

dnf install -y percona-server-server percona-xtrabackup-80

Web コンソール依存ファイルのインストール

dnf install -y \
     php \
     postfix \
     php-mcrypt \
     php-cli \
     php-gd \
     php-curl \
     php-session \
     php-mysqlnd \
     php-ldap \
     php-zip \
     php-zlib \
     php-fileinfo \
     php-gettext \
     php-snmp \
     php-mbstring \
     php-pecl-zip \
     php-xmlrpc \
     libxslt \
     wget \
     php-xml \
     httpd \
     mod_php \
     atk \
     avahi-libs \
     cairo \
     cups-libs \
     fribidi \
     gd \
     gdk-pixbuf2 \
     ghostscript \
     graphite2 \
     graphviz \
     gtk2 \
     harfbuzz \
     hicolor-icon-theme \
     hwdata \
     jasper-libs \
     lcms2 \
     libICE \
     libSM \
     libXaw \
     libXcomposite \
     libXcursor \
     libXdamage \
     libXext \
     libXfixes \
     libXft \
     libXi \
     libXinerama \
     libXmu \
     libXrandr \
     libXrender \
     libXt \
     libXxf86vm \
     libcroco \
     libdrm \
     libfontenc \
     libglvnd \
     libglvnd-egl \
     libglvnd-glx \
     libpciaccess \
     librsvg2 \
     libthai \
     libtool-ltdl \
     libwayland-client \
     libwayland-server \
     libxshmfence \
     table-libEGL \
     table-libGL \
     table-libgbm \
     table-libglapi \
     pango \
     pixman \
     xorg-x11-fonts-75dpi \
     xorg-x11-fonts-misc \
     poppler-data \
     php-yaml \
     mod_ssl \
     libzstd \
     openldap-clients \
     http://firefly.pandorafms.com/centos8/chromium-110.0.5481.177-1.el7.x86_64.rpm \
     http://firefly.pandorafms.com/centos8/chromium-common-110.0.5481.177-1.el7.x86_64.rpm \
     http://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
     http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm 

Pandora FMS サーバ依存ファイルのインストール

dnf install -y \
     pearl \
     vim \
     fping \
     perl-IO-Compress \
     nmap\
     sudo \
     perl-Time-HiRes \
     nfdump \
     net-snmp-utils\
     perl(NetAddr::IP) \
     perl(Sys::Syslog) \
     perl(DBI) \
     perl(XML::Simple) \
     perl(Geo::IP) \
     perl(IO::Socket::INET6) \
     perl(XML::Twig) \
     expect \
     openssh-clients\
     java \
     bind-utils \
     whois \
     http://firefly.pandorafms.com/centos7/xprobe2-0.3-12.2.x86_64.rpm\
     http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm\
     https://firefly.pandorafms.com/centos8/pandorawmic-1.0.0-1.x86_64.rpm

Perl および VMware 依存ファイル

dnf install -y \
     perl-Net-HTTP \
     perl-libwww-perl\
     openssl-devel \
     perl-crypt-cbc\
     perl-Bytes-Random-Secure \
     perl-Crypt-Random-Seed \
     perl-Math-Random-ISAAC\
     perl-json\
     perl-Crypt-SSLeay \
     http://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm\
     http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm

Oracle Client インストール

dnf install -y \
   https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-basic-19.8.0.0.0-1.x86_64.rpm\
   https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-sqlplus-19.8.0.0.0-1.x86_64.rpm

Pandora FMS 自動検出のための依存ファイルインストール

curl https://packages.microsoft.com/config/rhel/8/prod.repo -o /etc/yum.repos.d/mssql-release.repo

dnf remove unixODBC-utf16 unixODBC-utf16-devel

env ACCEPT_EULA=Y dnf install -y msodbcsql17

オペレーティングシステム設定とデータベース作成

settenforce 0

sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

systemctl disable firewalld --now

cat> /etc/my.cnf <<EO_CONFIG_TMP
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EO_CONFIG_TMP

systemctl start mysqld

grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev
mysql -uroot -p"password";

SET PASSWORD FOR 'root'@'localhost' = 'Pandor4!';

UNINSTALL COMPONENT 'file://component_validate_password';

SET PASSWORD FOR 'root'@'localhost' = 'pandora';

CREATE DATABASE pandora;

CREATE USER 'pandora'@'%' IDENTIFIED BY 'pandora';

ALTER USER 'pandora'@'%' IDENTIFIED WITH mysql_native_password BY 'pandora';
GRANT ALL PRIVILEGES ON pandora.* TO 'pandora'@'%';

exit

POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\.. *$/M/g")

cat> /etc/my.cnf <<EO_CONFIG_F
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results

max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack = 256K
max_connections = 100

key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M

skip-log-bin

sql_mode=""

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

EO_CONFIG_F

systemctl restart mysqld

systemctl enable mysqld --now

コンソールと Pandora FMS サーバのインストール

wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm

wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm

wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm

dnf install -y ./pandorafms*.rpm

wget https://firefly.pandorafms.com/pandorafms/utils/gotty_linux_amd64.tar.gz

tar xvzf gotty_linux_amd64.tar.gz

mv gotty /usr/bin/

systemctl enable mysqld --now

systemctl enable httpd --now

mysql -upandora -ppandora
wear pandora;

source /var/www/html/pandora_console/pandoradb.sql;

source /var/www/html/pandora_console/pandoradb_data.sql;

exit;

cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="pandora";
\$config["dbuser"]="pandora";
\$config["dbpass"]="pandora";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/httpd/conf.d/pandora.conf <<EO_CONFIG_F
<Directory "/var/www/html">
Options Indexes FollowSymLinks
Allow Override All
Require all granted
</Directory>
EO_CONFIG_F

cat>> /etc/httpd/conf.modules.d/00-proxy.conf <<'EO_HTTPD_MOD'
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

EO_HTTPD_MOD

cat>> /etc/httpd/conf.d/wstunnel.conf <<'EO_HTTPD_WSTUNNEL'
Proxy Requests Off
<Proxy *>
     Require all granted
</Proxy>

ProxyPass /ws ws://127.0.0.1:8080
ProxyPassReverse /ws ws://127.0.0.1:8080

EO_HTTPD_WSTUNNEL

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/images/.htaccess

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/attachment/.htaccess

chmod 600 /var/www/html/pandora_console/include/config.php

chown apache. /var/www/html/pandora_console/include/config.php

mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done

sed -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini

sed -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini

sed -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini

sed -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini

sed -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini

echo 'TimeOut 900'> /etc/httpd/conf.d/timeout.conf

cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

systemctl restart httpd

systemctl restart php-fpm

cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^#.mssql_driver.*/mssql_driver ODBC Driver 17 forSQL Server/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^fping.*|fping /usr/sbin/fping|g" /etc/pandora/pandora_server.conf

sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_server.conf

cat> /etc/pandora/pandora_server.env <<'EOF_ENV'
#!/bin/bash
VERSION=19.8
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV

cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization

#default=5
net.ipv4.tcp_syn_retries = 3

#default=5
net.ipv4.tcp_synack_retries = 3

#default=1024
net.ipv4.tcp_max_syn_backlog = 65536

#default=124928
net.core.wmem_max = 8388608

#default=131071
net.core.rmem_max = 8388608

#default = 128
net.core.somaxconn = 1024

#default = 20480
net.core.optmem_max = 81920

EO_KO

sysctl --system

chown pandora:apache /var/log/pandora

chmod g+s /var/log/pandora

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
         your apache root
         weekly
         missingok
         size 300000
         rotate 3
         max age 90
         compress
         notifempty
         copytruncate
         create 660 pandora apache
}

/var/log/pandora/pandora_snmptrap.log {
         your apache root
         weekly
         missingok
         size 500000
         rotate 1
         max age 30
         notifempty
         copytruncate
         create 660 pandora apache
}

EO_LR

cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
         your apache root
         weekly
         missingok
         size 300000
         rotate 3
         max age 90
         compress
         notifempty
         copytruncate
}

EO_LRA

chmod 0644 /etc/logrotate.d/pandora_server

chmod 0644 /etc/logrotate.d/pandora_agent

systemctl enable pandora_server --now

/etc/init.d/pandora_server start

systemctl enable tentacle_server

service tentacle_server start

echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies -- keep session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php>> /var/www/html/pandora_console/log/cron.log\">> /etc/crontab

systemctl enable pandora_agent_daemon

systemctl start pandora_agent_daemon

Pandora FMS へのログイン

Web コンソールにアクセスするには、デバイスの IP アドレス (または URL) に続けて /pandora_console/ を入力します。

デフォルトのログイン情報は次の通りです。

  • ユーザ: admin
  • パスワード: pandora

Pandora FMS ドキュメント一覧に戻る