Instalación de Pandora ITSM en Ubuntu Server 22

Véase los “Requisitos mínimos”.

Requisitos previos

  • Ubuntu server 22.04 con derechos de usuario root.
  • Conexión a internet
  • 2 GB de memoria RAM y 10 GB de espacio en disco libre.
  • Definir variables:
  1. export DEBIAN_FRONTEND=noninteractive.
  2. export NEEDRESTART_SUSPEND=1

Herramientas básicas

apt update
apt install -y net-tools \
    vim \
    curl \
    sudo \
    wget \
    software-properties-common \
    apt-transport-https \
    ca-certificates \
    gnupg \
    lsb-release \
    gawk \
    sed \
    grep

Apache y PHP

add-apt-repository ppa:ondrej/php -y
 
apt update
apt install -y php8.2-fpm \
php8.2-common \
libapache2-mod-fcgid \
php8.2-cli \
apache2
 
a2enmod proxy_fcgi setenvif
a2enconf php8.2-fpm
 
systemctl restart php8.2-fpm
systemctl restart apache2

Dependencias de la Consola web Pandora ITSM

apt install -y ldap-utils \
    postfix \
    wget \
    libzstd1 \
    gir1.2-atk-1.0 \
    libavahi-common-data \
    cairo-perf-utils \
    libfribidi-bin \
    php8.2-curl \
    php8.2-fileinfo \
    php8.2-gd  \
    php8.2-gettext  \
    php8.2-imap  \
    php8.2-ldap \
    php8.2-mbstring \
    php8.2-mcrypt \
    php8.2-mysqli \
    php8.2-zip  \
    whois \
    cron

Deshabilitar AppArmor y UFW

systemctl stop ufw.service
systemctl disable ufw
systemctl stop apparmor
systemctl disable apparmor

Instalación de MySQL

curl -O https://repo.percona.com/apt/percona-release_latest.generic_all.deb
apt install -y gnupg2 lsb-release ./percona-release_latest.generic_all.deb
percona-release setup ps80
apt install -y percona-server-server percona-xtrabackup-80
systemctl start mysql
 
mysql -uroot
 
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'P4ndor4.itsm';
 
INSTALL COMPONENT 'file://component_validate_password';
 
CREATE DATABASE pandoraitsm;
 
CREATE USER  'pandoraitsm'@'%' IDENTIFIED BY 'P4ndor4.itsm';
 
ALTER USER 'pandoraitsm'@'%' IDENTIFIED WITH mysql_native_password BY 'P4ndor4.itsm';
 
GRANT ALL PRIVILEGES ON pandoraitsm.* TO 'pandoraitsm'@'%';
 
exit;
cat > /etc/mysql/my.cnf << EOF_DB
[mysqld]
datadir=/var/lib/mysql
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora ITSM
# Please check the documentation in https://pandorafms.com/itsm/ for better results
 
max_allowed_packet = 64M
innodb_buffer_pool_size = $(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100
 
key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M
 
skip-log-bin
 
sql_mode=""
 
log-error=/var/log/mysql/error.log
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
 
EOF_DB
systemctl restart mysql

Instalación de Pandora ITSM

curl -LSs --output \
IntegriaIMS_enterprise-latest.noarch.tar.gz \
"https://firefly.artica.es/KkGqio0L4jV0nfnThj6774eg1rZJQd1Y/IntegriaIMS_enterprise-latest.tar.gz"

Instalación de la Consola web Pandora ITSM

tar xvzf IntegriaIMS_enterprise-latest.noarch.tar.gz
 
cp -Ra integria_enterprise /var/www/html/integria
 
rm -f /var/www/html/integria/*.spec

Instalación de PM2

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" >> /etc/apt/sources.list.d/nodesource.list
sudo apt-get update
sudo apt-get install nodejs -y
 
cd /var/www/html/integria/extras/chat_server
npm install pm2@latest -g
npm update
pm2 start server.js
pm2 save
pm2 startup
cat > /var/www/html/integria/extras/chat_server/config/config.js << EO_CONFIG_TMP
// If this file is modified, check the chat_set_default_values() function.
module.exports = {
  PORT: process.env.PORT || 5000,
  DBPORT: process.env.DBPORT || 3306,
  DBHOST: process.env.DBHOST || "127.0.0.1",
  DBDATABASE: process.env.DBDATABASE || "pandoraitsm",
  DBUSER: process.env.DBUSER || "pandoraitsm",
  DBPASS: process.env.DBPASS || "P4ndor4.itsm",
  DBLOGGIN: process.env.DBLOGGIN || console.log,
  HASH: process.env.HASH || "ef541cdc541a065d52c9a375223594219e3899343db4ef6d89eb664288528b18"
};
 
EO_CONFIG_TMP

Configuración para SSL

cat > /etc/apache2/conf-available/ssl-params.conf << EOF_PARAM
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
 
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 
    SSLHonorCipherOrder On
 
 
    Header always set X-Frame-Options DENY
 
    Header always set X-Content-Type-Options nosniff
 
    # Requires Apache >= 2.4
 
    SSLCompression off
 
    SSLUseStapling on
 
    SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
 
 
    # Requires Apache >= 2.4.11
 
    SSLSessionTickets Off
EOF_PARAM
a2enmod ssl
a2enmod headers
a2enmod rewrite
a2enconf ssl-params
a2ensite default-ssl
a2enconf ssl-params
apache2ctl configtest
 
systemctl restart apache2
systemctl enable mysql --now
systemctl enable apache2 --now
systemctl enable php8.2-fpm --now

Estructura y datos en MySQL

mysql -upandoraitsm -pP4ndor4.itsm
 
use pandoraitsm;
 
source /var/www/html/integria/integria_db.sql;
 
source /var/www/html/integria/integria_dbdata.sql;
 
exit;

Configuración de PHP y Apache2

cat > /var/www/html/integria/include/config.php << EO_CONFIG_F
<?php
\$config["dbtype"]="mysql";
\$config["dbname"]="pandoraitsm";
\$config["dbuser"]="pandoraitsm";
\$config["dbpass"]="P4ndor4.itsm";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/integria";
\$config["homeurl"]="/integria";        
error_reporting(0); 
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F
cat > /etc/apache2/conf-enabled/pandoraitsm_security.conf << EO_CONFIG_F
ServerTokens Prod
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EO_CONFIG_F
chmod 600 /var/www/html/integria/include/config.php
 
chown -R www-data:www-data /var/www/html/integria
 
mv /var/www/html/integria/install.php /var/www/html/integria/install.done
sed -i -e "s/php_flag engine off//g" /var/www/html/integria/images/.htaccess
 
sed -i -e "s/php_flag engine off//g" /var/www/html/integria/attachment/.htaccess
 
ln -s /etc/php/8.2/fpm/php.ini /etc/
 
sed --follow-symlinks -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini
 
sed --follow-symlinks -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini
 
sed --follow-symlinks -i -e "s/^disable_functions/;disable_functions/" /etc/php.ini
 
echo 'TimeOut 900' > /etc/apache2/conf-enabled/timeout.conf
 
echo 'ProxyTimeout 300' >> /etc/apache2/conf-enabled/timeout.conf
cat > /var/www/html/index.html << EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/integria/">
EOF_INDEX
systemctl restart apache2
systemctl restart php8.2-fpm

Optimización del kernel

cat >> /etc/sysctl.conf <<EO_KO
# Pandora ITSM Optimization
 
# default=5
net.ipv4.tcp_syn_retries = 3
 
# default=5
net.ipv4.tcp_synack_retries = 3
 
# default=1024
net.ipv4.tcp_max_syn_backlog = 65536
 
# default=124928
net.core.wmem_max = 8388608
 
# default=131071
net.core.rmem_max = 8388608
 
# default = 128
net.core.somaxconn = 1024
 
# default = 20480
net.core.optmem_max = 81920
 
EO_KO
sysctl --system

Logrotate y Cron

cat > /etc/logrotate.d/pandora_itsm <<EO_LRA
/var/www/html/integria/integria.log
/var/www/html/integria/pandora_itsm.log  {
        weekly
        missingokas
        size 100000
        rotate 3
        maxage 15
        compress
        notifempty
        create 644 apache root
}
EO_LRA
 
 
chmod 0644 /etc/logrotate.d/pandora_itsm
 
 
echo "*/5 * * * * php /var/www/html/integria/include/integria_cron.php" >> /etc/crontab

Una vez finalizada la instalación realice la primera conexión a Pandora ITSM.