Guía de instalación Pandora FMS en Rocky Linux

Requisitos previos

  • Rocky Linux 8 con derechos de usuario root.
  • Conexión a internet.

Configuración de repositorios

dnf install -y \
 epel-release \
 tar \
 dnf-utils \
 http://rpms.remirepo.net/enterprise/remi-release-8.rpm

dnf module reset php

dnf module install -y php:remi-8.2

dnf config-manager --set-enabled powertools

Instalación de base de datos Percona

dnf install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm

dnf module disable -y mysql

rm -rf /etc/my.cnf

percona-release setup ps80 -y

dnf install -y percona-server-server percona-xtrabackup-80

Instalación de dependencias de Consola web

dnf install -y \
    php \
    postfix \
    php-mcrypt \
    php-cli \
    php-gd \
    php-curl \
    php-session \
    php-mysqlnd \
    php-ldap \
    php-zip \
    php-zlib \
    php-fileinfo \
    php-gettext \
    php-snmp \
    php-mbstring \
    php-pecl-zip \
    php-xmlrpc \
    libxslt \
    wget \
    php-xml \
    httpd \
    mod_php \
    atk \
    avahi-libs \
    cairo \
    cups-libs \
    fribidi \
    gd \
    gdk-pixbuf2 \
    ghostscript \
    graphite2 \
    graphviz \
    gtk2 \
    harfbuzz \
    hicolor-icon-theme \
    hwdata \
    jasper-libs \
    lcms2 \
    libICE \
    libSM \
    libXaw \
    libXcomposite \
    libXcursor \
    libXdamage \
    libXext \
    libXfixes \
    libXft \
    libXi \
    libXinerama \
    libXmu \
    libXrandr \
    libXrender \
    libXt \
    libXxf86vm \
    libcroco \
    libdrm \
    libfontenc \
    libglvnd \
    libglvnd-egl \
    libglvnd-glx \
    libpciaccess \
    librsvg2 \
    libthai \
    libtool-ltdl \
    libwayland-client \
    libwayland-server \
    libxshmfence \
    mesa-libEGL \
    mesa-libGL \
    mesa-libgbm \
    mesa-libglapi \
    pango \
    pixman \
    xorg-x11-fonts-75dpi \
    xorg-x11-fonts-misc \
    poppler-data \
    php-yaml \
    mod_ssl \
    libzstd \
    openldap-clients \
    http://firefly.pandorafms.com/centos8/chromium-110.0.5481.177-1.el7.x86_64.rpm \
    http://firefly.pandorafms.com/centos8/chromium-common-110.0.5481.177-1.el7.x86_64.rpm \
    http://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
    http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm

Instalación de dependencias de PFMS server

dnf install -y \
    perl \
    vim \
    fping \
    perl-IO-Compress \
    nmap \
    sudo \
    perl-Time-HiRes \
    nfdump \
    net-snmp-utils \
    'perl(NetAddr::IP)' \
    'perl(Sys::Syslog)' \
    'perl(DBI)' \
    'perl(XML::Simple)' \
    'perl(Geo::IP)' \
    'perl(IO::Socket::INET6)' \
    'perl(XML::Twig)' \
    expect \
    openssh-clients \
    java \
    bind-utils \
    whois \
    http://firefly.pandorafms.com/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
    https://firefly.pandorafms.com/centos8/pandorawmic-1.0.0-1.x86_64.rpm

Dependencias de Perl y VMware

dnf install -y \
    perl-Net-HTTP \
    perl-libwww-perl \
    openssl-devel \
    perl-Crypt-CBC \
    perl-Bytes-Random-Secure \
    perl-Crypt-Random-Seed \
    perl-Math-Random-ISAAC \
    perl-JSON \
    perl-Crypt-SSLeay \
    http://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm \
    http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm

Instalación del cliente Oracle

dnf install -y \
  https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-basic-19.8.0.0.0-1.x86_64.rpm \
  https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-sqlplus-19.8.0.0.0-1.x86_64.rpm

Instalación de dependencias para Discovery PFMS

curl https://packages.microsoft.com/config/rhel/8/prod.repo -o /etc/yum.repos.d/mssql-release.repo

dnf remove unixODBC-utf16 unixODBC-utf16-devel

env ACCEPT_EULA=Y dnf install -y msodbcsql17

Ajustes del sistema operativo y creación de base de datos

setenforce 0

sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

systemctl disable firewalld --now

cat> /etc/my.cnf <<EO_CONFIG_TMP
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EO_CONFIG_TMP

systemctl start mysqld

grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev
mysql -uroot -p"contraseña";

SET PASSWORD FOR 'root'@'localhost' = 'Pandor4!';

UNINSTALL COMPONENT 'file://component_validate_password';

SET PASSWORD FOR 'root'@'localhost' = 'pandora';

CREATE DATABASE pandora;

CREATE USER 'pandora'@'%' IDENTIFIED BY 'pandora';

ALTER USER 'pandora'@'%' IDENTIFIED WITH mysql_native_password BY 'pandora';
GRANT ALL PRIVILEGES ON pandora.* TO 'pandora'@'%';

exit

POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")

cat> /etc/my.cnf <<EO_CONFIG_F
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results

max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100

key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M

skip-log-bin

sql_mode=""

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

EO_CONFIG_F

systemctl restart mysqld

systemctl enable mysqld --now

Instalación de la Consola y Pandora FMS server

wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm

wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm

wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm

dnf install -y ./pandorafms*.rpm

wget https://firefly.pandorafms.com/pandorafms/utils/gotty_linux_amd64.tar.gz

tar xvzf gotty_linux_amd64.tar.gz

mv gotty /usr/bin/

systemctl enable mysqld --now

systemctl enable httpd --now

mysql -upandora -ppandora
use pandora;

source /var/www/html/pandora_console/pandoradb.sql;

source /var/www/html/pandora_console/pandoradb_data.sql;

exit;

cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="pandora";
\$config["dbuser"]="pandora";
\$config["dbpass"]="pandora";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/httpd/conf.d/pandora.conf <<EO_CONFIG_F
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
EO_CONFIG_F

cat>> /etc/httpd/conf.modules.d/00-proxy.conf <<'EO_HTTPD_MOD'
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

EO_HTTPD_MOD

cat>> /etc/httpd/conf.d/wstunnel.conf <<'EO_HTTPD_WSTUNNEL'
ProxyRequests Off
<Proxy *>
    Require all granted
</Proxy>

ProxyPass /ws ws://127.0.0.1:8080
ProxyPassReverse /ws ws://127.0.0.1:8080

EO_HTTPD_WSTUNNEL

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/images/.htaccess

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/attachment/.htaccess

chmod 600 /var/www/html/pandora_console/include/config.php

chown apache. /var/www/html/pandora_console/include/config.php

mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done

sed -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini

sed -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini

sed -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini

sed -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini

sed -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini

echo 'TimeOut 900'> /etc/httpd/conf.d/timeout.conf

cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

systemctl restart httpd

systemctl restart php-fpm

cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^#.mssql_driver.*/mssql_driver ODBC Driver 17 for SQL Server/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^fping.*|fping /usr/sbin/fping|g" /etc/pandora/pandora_server.conf

sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_server.conf

cat> /etc/pandora/pandora_server.env <<'EOF_ENV'
#!/bin/bash
VERSION=19.8
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV

cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization

# default=5
net.ipv4.tcp_syn_retries = 3

# default=5
net.ipv4.tcp_synack_retries = 3

# default=1024
net.ipv4.tcp_max_syn_backlog = 65536

# default=124928
net.core.wmem_max = 8388608

# default=131071
net.core.rmem_max = 8388608

# default = 128
net.core.somaxconn = 1024

# default = 20480
net.core.optmem_max = 81920

EO_KO

sysctl --system

chown pandora:apache /var/log/pandora

chmod g+s /var/log/pandora

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
        create 660 pandora apache
}

/var/log/pandora/pandora_snmptrap.log {
        su root apache
        weekly
        missingok
        size 500000
        rotate 1
        maxage 30
        notifempty
        copytruncate
        create 660 pandora apache
}

EO_LR

cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
}

EO_LRA

chmod 0644 /etc/logrotate.d/pandora_server

chmod 0644 /etc/logrotate.d/pandora_agent

systemctl enable pandora_server --now

/etc/init.d/pandora_server start

systemctl enable tentacle_serverd

service tentacle_serverd start

echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php>> /var/www/html/pandora_console/log/cron.log\">> /etc/crontab

systemctl enable pandora_agent_daemon

systemctl start pandora_agent_daemon

Inicio de sesión en PFMS

Para acceder a la Consola web se ha de escribir la dirección IP (o URL) del dispositivo seguido de /pandora_console/ .

Las credenciales por defecto para entrar son:

  • usuario: admin
  • contraseña: pandora

Volver al índice de documentación de Pandora FMS