Instalación de Pandora ITSM en Ubuntu Server 22
Véase los “Requisitos mínimos”.
Requisitos previos
- Ubuntu server 22.04 con derechos de usuario root.
- Conexión a internet
- 2 GB de memoria RAM y 10 GB de espacio en disco libre.
- Definir variables:
export DEBIAN_FRONTEND=noninteractive
.export NEEDRESTART_SUSPEND=1
Herramientas básicas
apt update apt install -y net-tools \ vim \ curl \ sudo \ wget \ software-properties-common \ apt-transport-https \ ca-certificates \ gnupg \ lsb-release \ gawk \ sed \ grep
Apache y PHP
add-apt-repository ppa:ondrej/php -y apt update apt install -y php8.2-fpm \ php8.2-common \ libapache2-mod-fcgid \ php8.2-cli \ apache2 a2enmod proxy_fcgi setenvif a2enconf php8.2-fpm systemctl restart php8.2-fpm systemctl restart apache2
Dependencias de la Consola web Pandora ITSM
apt install -y ldap-utils \ postfix \ wget \ libzstd1 \ gir1.2-atk-1.0 \ libavahi-common-data \ cairo-perf-utils \ libfribidi-bin \ php8.2-curl \ php8.2-fileinfo \ php8.2-gd \ php8.2-gettext \ php8.2-imap \ php8.2-ldap \ php8.2-mbstring \ php8.2-mcrypt \ php8.2-mysqli \ php8.2-zip \ whois \ cron
Deshabilitar AppArmor y UFW
systemctl stop ufw.service systemctl disable ufw systemctl stop apparmor systemctl disable apparmor
Instalación de MySQL
curl -O https://repo.percona.com/apt/percona-release_latest.generic_all.deb apt install -y gnupg2 lsb-release ./percona-release_latest.generic_all.deb percona-release setup ps80 apt install -y percona-server-server percona-xtrabackup-80
systemctl start mysql mysql -uroot ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'P4ndor4.itsm'; INSTALL COMPONENT 'file://component_validate_password'; CREATE DATABASE pandoraitsm; CREATE USER 'pandoraitsm'@'%' IDENTIFIED BY 'P4ndor4.itsm'; ALTER USER 'pandoraitsm'@'%' IDENTIFIED WITH mysql_native_password BY 'P4ndor4.itsm'; GRANT ALL PRIVILEGES ON pandoraitsm.* TO 'pandoraitsm'@'%'; exit;
cat > /etc/mysql/my.cnf << EOF_DB [mysqld] datadir=/var/lib/mysql user=mysql character-set-server=utf8mb4 skip-character-set-client-handshake # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Mysql optimizations for Pandora ITSM # Please check the documentation in https://pandorafms.com/itsm/ for better results max_allowed_packet = 64M innodb_buffer_pool_size = $(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g") innodb_lock_wait_timeout = 90 innodb_file_per_table innodb_flush_log_at_trx_commit = 0 innodb_flush_method = O_DIRECT innodb_log_file_size = 64M innodb_log_buffer_size = 16M innodb_io_capacity = 300 thread_cache_size = 8 thread_stack = 256K max_connections = 100 key_buffer_size=4M read_buffer_size=128K read_rnd_buffer_size=128K sort_buffer_size=128K join_buffer_size=4M skip-log-bin sql_mode="" log-error=/var/log/mysql/error.log [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid EOF_DB
systemctl restart mysql
Instalación de Pandora ITSM
curl -LSs --output \ IntegriaIMS_enterprise-latest.noarch.tar.gz \ "https://firefly.artica.es/KkGqio0L4jV0nfnThj6774eg1rZJQd1Y/IntegriaIMS_enterprise-latest.tar.gz"
Instalación de la Consola web Pandora ITSM
tar xvzf IntegriaIMS_enterprise-latest.noarch.tar.gz cp -Ra integria_enterprise /var/www/html/integria rm -f /var/www/html/integria/*.spec
Instalación de PM2
sudo mkdir -p /etc/apt/keyrings curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" >> /etc/apt/sources.list.d/nodesource.list
sudo apt-get update sudo apt-get install nodejs -y cd /var/www/html/integria/extras/chat_server npm install pm2@latest -g npm update pm2 start server.js pm2 save pm2 startup
cat > /var/www/html/integria/extras/chat_server/config/config.js << EO_CONFIG_TMP // If this file is modified, check the chat_set_default_values() function. module.exports = { PORT: process.env.PORT || 5000, DBPORT: process.env.DBPORT || 3306, DBHOST: process.env.DBHOST || "127.0.0.1", DBDATABASE: process.env.DBDATABASE || "pandoraitsm", DBUSER: process.env.DBUSER || "pandoraitsm", DBPASS: process.env.DBPASS || "P4ndor4.itsm", DBLOGGIN: process.env.DBLOGGIN || console.log, HASH: process.env.HASH || "ef541cdc541a065d52c9a375223594219e3899343db4ef6d89eb664288528b18" }; EO_CONFIG_TMP
Configuración para SSL
cat > /etc/apache2/conf-available/ssl-params.conf << EOF_PARAM SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder On Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff # Requires Apache >= 2.4 SSLCompression off SSLUseStapling on SSLStaplingCache "shmcb:logs/stapling-cache(150000)" # Requires Apache >= 2.4.11 SSLSessionTickets Off EOF_PARAM
a2enmod ssl a2enmod headers a2enmod rewrite a2enconf ssl-params a2ensite default-ssl a2enconf ssl-params apache2ctl configtest systemctl restart apache2 systemctl enable mysql --now systemctl enable apache2 --now systemctl enable php8.2-fpm --now
Estructura y datos en MySQL
mysql -upandoraitsm -pP4ndor4.itsm use pandoraitsm; source /var/www/html/integria/integria_db.sql; source /var/www/html/integria/integria_dbdata.sql; exit;
Configuración de PHP y Apache2
cat > /var/www/html/integria/include/config.php << EO_CONFIG_F <?php \$config["dbtype"]="mysql"; \$config["dbname"]="pandoraitsm"; \$config["dbuser"]="pandoraitsm"; \$config["dbpass"]="P4ndor4.itsm"; \$config["dbhost"]="127.0.0.1"; \$config["homedir"]="/var/www/html/integria"; \$config["homeurl"]="/integria"; error_reporting(0); \$ownDir = dirname(__FILE__) . '/'; include (\$ownDir . "config_process.php"); EO_CONFIG_F
cat > /etc/apache2/conf-enabled/pandoraitsm_security.conf << EO_CONFIG_F ServerTokens Prod <Directory "/var/www/html"> Options FollowSymLinks AllowOverride All Require all granted </Directory> EO_CONFIG_F
chmod 600 /var/www/html/integria/include/config.php chown -R www-data:www-data /var/www/html/integria mv /var/www/html/integria/install.php /var/www/html/integria/install.done
sed -i -e "s/php_flag engine off//g" /var/www/html/integria/images/.htaccess sed -i -e "s/php_flag engine off//g" /var/www/html/integria/attachment/.htaccess ln -s /etc/php/8.2/fpm/php.ini /etc/ sed --follow-symlinks -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini sed --follow-symlinks -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini sed --follow-symlinks -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini sed --follow-symlinks -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini sed --follow-symlinks -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini sed --follow-symlinks -i -e "s/^disable_functions/;disable_functions/" /etc/php.ini echo 'TimeOut 900' > /etc/apache2/conf-enabled/timeout.conf echo 'ProxyTimeout 300' >> /etc/apache2/conf-enabled/timeout.conf
cat > /var/www/html/index.html << EOF_INDEX <meta HTTP-EQUIV="REFRESH" content="0; url=/integria/"> EOF_INDEX
systemctl restart apache2 systemctl restart php8.2-fpm
Optimización del kernel
cat >> /etc/sysctl.conf <<EO_KO # Pandora ITSM Optimization # default=5 net.ipv4.tcp_syn_retries = 3 # default=5 net.ipv4.tcp_synack_retries = 3 # default=1024 net.ipv4.tcp_max_syn_backlog = 65536 # default=124928 net.core.wmem_max = 8388608 # default=131071 net.core.rmem_max = 8388608 # default = 128 net.core.somaxconn = 1024 # default = 20480 net.core.optmem_max = 81920 EO_KO
sysctl --system
Logrotate y Cron
cat > /etc/logrotate.d/pandora_itsm <<EO_LRA /var/www/html/integria/integria.log /var/www/html/integria/pandora_itsm.log { weekly missingokas size 100000 rotate 3 maxage 15 compress notifempty create 644 apache root } EO_LRA chmod 0644 /etc/logrotate.d/pandora_itsm echo "*/5 * * * * php /var/www/html/integria/include/integria_cron.php" >> /etc/crontab
Una vez finalizada la instalación realice la primera conexión a Pandora ITSM.