Hotfix release available: 2024-02-06b "Kaos".
upgrade now! [55.2] (what's this?)
Hotfix release available: 2024-02-06a "Kaos".
upgrade now! [55.1] (what's this?)
New release available: 2024-02-06 "Kaos".
upgrade now! [55] (what's this?)
Hotfix release available: 2023-04-04b "Jack Jackrum".
upgrade now! [54.2] (what's this?)
Numéro de tri d'indexmenu: 30
Guide d'installation de Pandora FMS sur un serveur Ubuntu
Prérequis
- Serveur Ubuntu 22.04 avec les droits d'utilisateur root.
- Connexion Internet.
Outils de base
Dans une fenêtre de terminal avec l'utilisateur root :
apt install -y gawk sed grep
rm -rf /opt/pandora/deploy mkdir -p /opt/pandora/deploy cd /opt/pandora/deploy
apt update apt install -y net-tools vim curl wget \ software-properties-common apt-transport-https\ ca-certificates gnupg lsb-release
Apache2 et PHP 8
add-apt-repository ppa:ondrej/php apt update apt upgrade apt install -y php8.0-fpm php8.0-common libapache2-mod-fcgid php8.0-cli apache2 a2enmod proxy_fcgi setenvif systemctl reload apache2 a2enconf php8.0-fpm systemctl restart php8.0-fpm
Dépendances de la console Web du PFMS
apt install -y \ ldap-utils postfix \ wget graphviz \ xfonts-75dpi xfonts-100dpi \ xfonts-ayu xfonts-intl-arabic \ xfonts-intl-asian xfonts-intl-phonetic \ xfonts-intl-japanese-big xfonts-intl-european \ xfonts-intl-chinese xfonts-intl-japanese \ xfonts-intl-chinese-big libzstd1 \ gir1.2-atk-1.0 libavahi-common-data\ cairo-perf-utils libfribidi-bin \ php8.0-mcrypt php8.0-gd \ php8.0-curl php8.0-mysql \ php8.0-ldap php8.0-fileinfo \ php8.0-gettext php8.0-snmp\ php8.0-mbstring php8.0-zip \ php8.0-xml rpc php8.0-xml \ php8.0-yaml libnet-telnet-perl\ whois cron
Dépendances du serveur PFMS
apt install -y \ perl nmap\ fping sudo \ net-tools nfdump \ expect openssh-client \ postfix unzip \ xprobe coreutils \ libmoosex-role-timer-perl libmoosex-perl \ libdbd-mysql-perl libcrypt-mysql-perl \ libhttp-request-ascgi-perl liblwp-useragent-chicaching-perl \ liblwp-protocol-https-perl snmp\ libnetaddr-ip-perl libio-socket-ssl-perl\ libio-socket-socks-perl libio-socket-ip-perl \ libio-socket-inet6-perl libnet-telnet-perl \ libjson-perl libencode-perl \ cron libgeo-ip-perl\ arping snmp-mibs-downloader \ openjdk-8-jdk
mkdir -m 0755 -p /etc/apt/keyrings curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \ sudo gpg --yes --dearmor -o /etc/apt/keyrings/docker.gpg threw out \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \ sudo tee /etc/apt/sources.list.d/docker.list apt update -y apt-get install -y \ docker-ce docker-ce-cli containerd.io\ docker-buildx-plugin docker-compose-plugin systemctl disable docker --now systemctl disable docker.socket --now
Dépendances à superviser par WMI
curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/wmic curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/pandorawmic chmod +x pandorawmic wmic cp -a wmic /usr/bin/ cp -a pandorawmic /usr/bin/
Fping
rm -f /usr/sbin/fping ln -s /usr/bin/fping /usr/sbin/fping
Google Chrome Tool
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb dpkg -i google-chrome-stable_current_amd64.deb ln -s /usr/bin/google-chrome /usr/bin/chromium-browser
VMware Tool
apt install -y \ lib32z1 lib32z1 \ build-essential uuid uuid-dev \ libssl-dev perl-doc\ libxml-libxml-perl libcrypt-ssleay-perl \ libsoap-lite-perl libmodule-build-perl wget https://firefly.pandorafms.com/pandorafms/utils/VMware-vSphere-Perl-SDK-7.0.0-16453907.x86_64.tar.gz tar -xzvf VMware-vSphere-Perl-SDK-7.0.0-16453907.x86_64.tar.gz cd vmware-vsphere-cli-distrib/ sed --follow-symlinks -i -e "s/[^#].*show_EULA().*/ #show_EULA();/g" vmware-install.pl ./vmware-install.pl -default cd ..
Oracle outil client
mkdir -p /opt/oracle wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-basic-linux.x64-19.8.0.0.0dbru.zip wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip rm -fr /opt/oracle/* unzip instantclient-basic-linux.x64-19.8.0.0.0dbru.zip -d /opt/oracle/ unzip instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip -d /opt/oracle/
cat>> /root/.profile <<'EOF_ENV' #!/bin/bash VERSION=19.8 export PATH=$PATH:/opt/oracle/instantclient_19_8 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/oracle/instantclient_19_8 export ORACLE_HOME=/opt/oracle/instantclient_19_8 EOF_ENV
source '/root/.profile'
Dépendances IPAM
apt install -y \ xprobe libnetaddr-ip-perl \ coreutils libdbd-mysql-perl \ libxml-simple-perl libgeo-ip-perl \ libio-socket-inet6-perl libxml-twig-perl \ libnetaddr-ip-perl
Dépendances ODBC pour MS SQL
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | \ tee /etc/apt/trusted.gpg.d/microsoft.asc curl -sSL https://packages.microsoft.com/config/ubuntu/20.04/prod.list | \ tee /etc/apt/sources.list.d/microsoft-prod.list apt update env ACCEPT_EULA=Y apt install -y msodbcsql17
AppArmor et Configuration UFW
systemctl stop ufw.service systemctl disable ufw systemctl stop apparmor systemctl disable apparmor
Installation MySQL
curl -O https://repo.percona.com/apt/percona-release_latest.generic_all.deb apt install -y gnupg2 lsb-release ./percona-release_latest.generic_all.deb percona-release setup ps80 apt install -y percona-server-server percona-xtrabackup-80
systemctl start mysql mysql -uroot -p ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'pandora'; create database pandora; CREATE USER pandora IDENTIFIED BY 'pandora'; ALTER USER 'pandora' IDENTIFIED WITH mysql_native_password BY 'pandora'; GRANT ALL PRIVILEGES ON pandora.* TO 'pandora'; exit;
cat> /etc/mysql/my.cnf <<EOF_DB [mysqld] datadir=/var/lib/mysql user=mysql character-set-server=utf8mb4 skip-character-set-client-handshake # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Mysql optimizations for Pandora FMS # Please check the documentation in http://pandorafms.com for better results max_allowed_packet = 64M innodb_buffer_pool_size = grep -i total /proc/meminfo | head-1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/..*$/M/g" innodb_lock_wait_timeout = 90 innodb_file_per_table innodb_flush_log_at_trx_commit = 0 innodb_flush_method = O_DIRECT innodb_log_file_size = 64M innodb_log_buffer_size = 16M innodb_io_capacity = 300 thread_cache_size = 8 thread_stack = 256K max_connections = 100 key_buffer_size=4M read_buffer_size=128K read_rnd_buffer_size=128K sort_buffer_size=128K join_buffer_size=4M skip-log-bin sql_mode="" log-error=/var/log/mysql/error.log [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid EOF_DB
systemctl restart mysql
Installation de Pandora FMS
Les liens de téléchargement pour les installateurs du PFMS server et de la Console Web peuvent être demandés via ce lien et obtenir un essai gratuit (si vous avez déjà une licence, vous pouvez accéder via Warp Update On Line).
wget https://firefly.pandorafms.com/pandorafms/LTS/pandorafms_one_agent_linux-lts.tar.gz
Installation de la console PFMS
Dans ce cas, il s'agit de la dernière version LTS (le nom du fichier peut être différent):
tar xvzf pandorafms_server-lts.tar.gz cp -Ra pandora_console /var/www/html/ rm -f /var/www/html/pandora_console/*.spec
Installation du serveur PFMS
Dans ce cas, il s'agit de la dernière version LTS (le nom du fichier peut être différent):
useradd pandora mv pandorafms_server-7.0NG.tar.gz /opt/pandora/deploy/ cd /opt/pandora/deploy tar xvfz pandorafms_server-lts.tar.gz cd pandora_server ./pandora_server_installer --install
Installation de l'agent PFMS
apt install -y libyaml-tiny-perl perl coreutils wget curl unzip procps python3 python3-pip mv pandorafms_agent_linux-7.0NG.tar.gz /opt/pandora/deploy/ cd /opt/pandora/deploy tar xvzf pandorafms_one_agent_linux-lts.tar.gz unix cd ./pandora_agent_installer --install cp -a tentacle_client /usr/local/bin/
Installation GoTTY
cd /opt/pandora/deploy wget https://firefly.pandorafms.com/pandorafms/utils/gotty_linux_amd64.tar.gz tar xvzf gotty_linux_amd64.tar.gz mv gotty /usr/bin/
Configuration pour SSL
cat> /etc/apache2/conf-available/ssl-params.conf <<EOF_PARAM SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder On Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff # Requires Apache>= 2.4 SSLCompression off SSLUseStapling on SSLStaplingCache "shmcb:logs/stapling-cache(150000)" # Requires Apache>= 2.4.11 SSLSessionTickets Off EOF_PARAM
a2enmod ssl a2enmod headers a2enmod rewrite a2enconf ssl-params a2ensite default-ssl a2enconf ssl-params apache2ctl configtest systemctl restart apache2 systemctl enable mysql --now systemctl enable apache2 --now systemctl enable php8.0-fpm --now
Structure et données dans MySQL
mysql -uroot -ppandora wear pandora; source /var/www/html/pandora_console/pandoradb.sql source /var/www/html/pandora_console/pandoradb_data.sql exit;
Configuration de PHP et d'Apache2
cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F <?php \$config["dbtype"] = "mysql"; \$config["dbname"]="pandora"; \$config["dbuser"]="pandora"; \$config["dbpass"]="pandora"; \$config["dbhost"]="127.0.0.1"; \$config["homedir"]="/var/www/html/pandora_console"; \$config["homeurl"]="/pandora_console"; error_reporting(0); \$ownDir = dirname(__FILE__) . '/'; include (\$ownDir . "config_process.php"); EO_CONFIG_F
cat> /etc/apache2/conf-enabled/pandora_security.conf <<EO_CONFIG_F ServerTokens Prod <Directory "/var/www/html"> Options FollowSymLinks AllowOverride All Require all granted </Directory> EO_CONFIG_F
chmod 600 /var/www/html/pandora_console/include/config.php chown -R www-data:www-data /var/www/html/pandora_console mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done
ln -s /etc/php/8.0/fpm/php.ini /etc/ sed --follow-symlinks -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini sed --follow-symlinks -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini sed --follow-symlinks -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini sed --follow-symlinks -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini sed --follow-symlinks -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini sed --follow-symlinks -i -e "s/^disable_functions/;disable_functions/" /etc/php.ini
cat> /var/www/html/index.html <<EOF_INDEX <meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/"> EOF_INDEX systemctl restart apache2 systemctl restart php8.0-fpm
Configuration de l'agent et du serveur PFMS
cat> /etc/snmp/snmptrapd.conf <<EOF authCommunity log public disableAuthorization yes EOF
sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf sed -i -e "s/^#.mssql_driver.*/mssql_driver 17/g" /etc/pandora/pandora_server.conf
grep -q "group www-data" /etc/pandora/pandora_server.conf || \ cat>> /etc/pandora/pandora_server.conf<<EOF_G #Adding group www-data to assigning remote-config permission correctly for ubuntu 22.04 group www-data EOF_G
sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_agent.conf
cat> /etc/pandora/pandora_server.env <<'EOF_ENV' #!/bin/bash VERSION=19.8 export PATH=$PATH:/opt/oracle/instantclient_19_8 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/oracle/instantclient_19_8 export ORACLE_HOME=/opt/oracle/instantclient_19_8 export OPENSSL_CONF=/etc/ssl EOF_ENV
cat>> /etc/sysctl.conf <<EO_KO # Pandora FMS Optimization #default=5 net.ipv4.tcp_syn_retries = 3 #default=5 net.ipv4.tcp_synack_retries = 3 #default=1024 net.ipv4.tcp_max_syn_backlog = 65536 #default=124928 net.core.wmem_max = 8388608 #default=131071 net.core.rmem_max = 8388608 #default = 128 net.core.somaxconn = 1024 #default = 20480 net.core.optmem_max = 81920 EO_KO sysctl --system
chown pandora: www-data /var/log/pandora chmod g+s /var/log/pandora cat> /etc/logrotate.d/pandora_server <<EO_LR /var/log/pandora/pandora_server.log /var/log/pandora/web_socket.log /var/log/pandora/pandora_server.error { your apache root weekly missingok size 300000 rotate 3 max age 90 compress notifempty copytruncate create 660 pandora apache } /var/log/pandora/pandora_snmptrap.log { your apache root weekly missingok size 500000 rotate 1 max age 30 notifempty copytruncate create 660 pandora apache } EO_LR
cat> /etc/logrotate.d/pandora_agent <<EO_LRA /var/log/pandora/pandora_agent.log { your apache root weekly missingok size 300000 rotate 3 max age 90 compress notifempty copytruncate } EO_LRA chmod 0644 /etc/logrotate.d/pandora_server chmod 0644 /etc/logrotate.d/pandora_agent
Tentacle et cron
/etc/init.d/pandora_server start systemctl enablepandora_server service tentacle_server start systemctl enable tentacle_server
echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep -session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php>> $PANDORA_CONSOLE/log/cron.log">> /etc/crontab echo "@hourly root bash -c /etc/cron.hourly/pandora_db">> /etc/crontab
Configuration distante de l'agent :
sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_agent.conf /etc/init.d/pandora_agent_daemon start systemctl enable pandora_agent_daemon
Connexion au PFMS
Pour accéder à la console Web, tapez l'adresse IP (ou URL) de l'appareil suivie de /pandora_console/
.
Les identifiants de connexion par défaut sont les suivants
- utilisateur:
admin
- mot de passe:
pandora
fr/documentation/pandorafms/technical_annexes/30_pfms_install_latest_ubuntu_server.txt · Dernière modification : 2024/12/03 19:32 de 127.0.0.1