Guide d'installation de Pandora FMS sur Rocky Linux

Exigences préalables

Rocky Linux 8 avec des droits d'utilisateur root.
Connexion à l'internet.

Configuration du référentiel

dnf install -y \
 epel-release \
 tar \
 dnf-utils \
 http://rpms.remirepo.net/enterprise/remi-release-8.rpm

dnf module reset php

dnf module install -y php:remi-8.2

dnf config-manager --set-enabled powertools

Installation de la base de données Percona

dnf install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm

dnf module disable -y mysql

rm -rf /etc/my.cnf

percona-release setup ps80 -y

dnf install -y percona-server-server percona-xtrabackup-80

Installation des dépendances de la console Web

dnf install -y \
    php \
    postfix \
    php-mcrypt \
    php-cli \
    php-gd \
    php-curl \
    php-session \
    php-mysqlnd \
    php-ldap \
    php-zip \
    php-zlib \
    php-fileinfo \
    php-gettext \
    php-snmp \
    php-mbstring \
    php-pecl-zip \
    php-xmlrpc \
    php-fpm \
    php-xml \
    php-yaml \
    libxslt \
    wget \
    httpd \
    mod_php \
    atk \
    avahi-libs \
    cairo \
    cups-libs \
    fribidi \
    gd \
    gdk-pixbuf2 \
    ghostscript \
    graphite2 \
    graphviz \
    gtk2 \
    harfbuzz \
    hicolor-icon-theme \
    hwdata \
    jasper-libs \
    lcms2 \
    libICE \
    libSM \
    libXaw \
    libXcomposite \
    libXcursor \
    libXdamage \
    libXext \
    libXfixes \
    libXft \
    libXi \
    libXinerama \
    libXmu \
    libXrandr \
    libXrender \
    libXt \
    libXxf86vm \
    libcroco \
    libdrm \
    libfontenc \
    libglvnd \
    libglvnd-egl \
    libglvnd-glx \
    libpciaccess \
    librsvg2 \
    libthai \
    libtool-ltdl \
    libwayland-client \
    libwayland-server \
    libxshmfence \
    mesa-libEGL \
    mesa-libGL \
    mesa-libgbm \
    mesa-libglapi \
    pango \
    pixman \
    xorg-x11-fonts-75dpi \
    xorg-x11-fonts-misc \
    poppler-data \
    mod_ssl \
    libzstd \
    openldap-clients \
    https://firefly.pandorafms.com/centos8/chromium-122.0.6261.128-1.el8.x86_64.rpm \
    https://firefly.pandorafms.com/centos8/chromium-common-122.0.6261.128-1.el8.x86_64.rpm \
    http://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
    http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm

Installation des dépendances du serveur PFMS

dnf install -y \
    perl \
    vim \
    fping \
    perl-IO-Compress \
    nmap \
    sudo \
    perl-Time-HiRes \
    nfdump \
    net-snmp-utils \
    'perl(NetAddr::IP)' \
    'perl(Sys::Syslog)' \
    'perl(DBI)' \
    'perl(XML::Simple)' \
    'perl(Geo::IP)' \
    'perl(IO::Socket::INET6)' \
    'perl(XML::Twig)' \
    expect \
    openssh-clients \
    java \
    bind-utils \
    whois \
    libnsl \
    http://firefly.pandorafms.com/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
    https://firefly.pandorafms.com/centos8/pandorawmic-1.0.0-1.x86_64.rpm

Dépendances Perl et VMware

dnf install -y \
    perl-Net-HTTP \
    perl-libwww-perl \
    openssl-devel \
    perl-Crypt-CBC \
    perl-Bytes-Random-Secure \
    perl-Crypt-Random-Seed \
    perl-Math-Random-ISAAC \
    perl-JSON \
    perl-Crypt-SSLeay \
    http://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm \
    http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm

Installation du client Oracle

dnf install -y \
  https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-basic-19.8.0.0.0-1.x86_64.rpm \
  https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-sqlplus-19.8.0.0.0-1.x86_64.rpm

Installation des dépendances pour Discovery PFMS

curl https://packages.microsoft.com/config/rhel/8/prod.repo -o /etc/yum.repos.d/mssql-release.repo

dnf remove unixODBC-utf16 unixODBC-utf16-devel

env ACCEPT_EULA=Y dnf install -y msodbcsql17

Paramètres du système d'exploitation et création de la base de données

setenforce 0
 
sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config
 
systemctl disable firewalld --now

cat> /etc/my.cnf <<EO_CONFIG_TMP
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EO_CONFIG_TMP

systemctl start mysqld
 
grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev

Avec le mot de passe obtenu à l'étape précédente, il faut l'exécuter:

mysql -uroot -p" < password >";

Et dans l'interface de commande MySQL:

SET PASSWORD FOR 'root'@'localhost' = 'Pandor4!';
 
CREATE DATABASE 'pandora';
 
CREATE USER 'pandora'@'%' IDENTIFIED WITH 'caching_sha2_password' BY 'Pandor4!';
 
GRANT ALL PRIVILEGES ON 'pandora'.'*' TO 'pandora'@'%';
 
EXIT;

POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
 
cat> /etc/my.cnf <<EO_CONFIG_F
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
 
max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100
 
key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M
 
skip-log-bin
 
sql_mode=""
 
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
 
EO_CONFIG_F

systemctl restart mysqld
 
systemctl enable mysqld --now

Installation de la console et du serveur Pandora FMS

Les liens de téléchargement pour les installateurs du PFMS server et de la Console Web peuvent être demandés via ce lien et obtenir un essai (démo) gratuit.

Pour installer l'agent logiciel PFMS:

wget https://firefly.pandorafms.com/pandorafms/latest/pandorafms_one_agent_linux_bin-latest.el8.x86_64.rpm

dnf install -y ./pandorafms*.rpm

wget https://firefly.pandorafms.com/pandorafms/utils/gotty_linux_amd64.tar.gz
 
tar xvzf gotty_linux_amd64.tar.gz
 
mv gotty /usr/bin/

systemctl enable mysqld --now
 
systemctl enable httpd --now

mysql -upandora -ppandora

USE pandora;
 
SOURCE /var/www/html/pandora_console/pandoradb.sql;
 
SOURCE /var/www/html/pandora_console/pandoradb_data.sql;
 
exit;

cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="pandora";
\$config["dbuser"]="pandora";
\$config["dbpass"]="Pandor4!";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/httpd/conf.d/pandora.conf <<EO_CONFIG_F
ServerTokens Prod
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EO_CONFIG_F

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/images/.htaccess
 
sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/attachment/.htaccess

chmod 600 /var/www/html/pandora_console/include/config.php
 
chown apache. /var/www/html/pandora_console/include/config.php
 
mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done

sed -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini
 
sed -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini
 
sed -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini
 
sed -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini
 
sed -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini

echo 'TimeOut 900'> /etc/httpd/conf.d/timeout.conf
 
cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

systemctl restart httpd
 
systemctl restart php-fpm

cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf
 
sed -i -e "s/^#.mssql_driver.*/mssql_driver ODBC Driver 17 for SQL Server/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^fping.*|fping /usr/sbin/fping|g" /etc/pandora/pandora_server.conf

sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_server.conf

cat> /etc/pandora/pandora_server.env <<'EOF_ENV'
#!/bin/bash
VERSION=19.8
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV

cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization
 
# default=5
net.ipv4.tcp_syn_retries = 3
 
# default=5
net.ipv4.tcp_synack_retries = 3
 
# default=1024
net.ipv4.tcp_max_syn_backlog = 65536
 
# default=124928
net.core.wmem_max = 8388608
 
# default=131071
net.core.rmem_max = 8388608
 
# default = 128
net.core.somaxconn = 1024
 
# default = 20480
net.core.optmem_max = 81920
 
EO_KO

sysctl --system
 
chown pandora:apache /var/log/pandora
 
chmod g+s /var/log/pandora

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
        create 660 pandora apache
}
 
/var/log/pandora/pandora_snmptrap.log {
        su root apache
        weekly
        missingok
        size 500000
        rotate 1
        maxage 30
        notifempty
        copytruncate
        create 660 pandora apache
}
 
EO_LR
 
cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
}
 
EO_LRA

chmod 0644 /etc/logrotate.d/pandora_server
 
chmod 0644 /etc/logrotate.d/pandora_agent

systemctl enable pandora_server --now
 
systemctl start pandora_server
 
systemctl enable tentacle_serverd
 
service tentacle_serverd start

echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php>> /var/www/html/pandora_console/log/cron.log\">> /etc/crontab

systemctl enable pandora_agent_daemon
 
systemctl start pandora_agent_daemon

Connexion à PFMS

Pour accéder à la console Web, tapez l'adresse IP (ou URL) de l'appareil suivie de /pandora_console/ .

Les identifiants de connexion par défaut sont :

utilisateur : admin
mot de passe : pandora

Retour à l'index de la documentation de Pandora FMS

Table des matières