Pandora FMS installation guide for an Ubuntu server

Prerequisites

  • Ubuntu 22.04 server with root user privileges.
  • Internet connection.

Basic tools

In a terminal window as the root user:

apt install -y gawk sed grep

rm -rf /opt/pandora/deploy
mkdir -p /opt/pandora/deploy
cd /opt/pandora/deploy

apt update
apt install -y net-tools vim curl wget \
  software-properties-common apt-transport-https \
  ca-certificates gnupg lsb-release

Apache2 and PHP 8

add-apt-repository ppa:ondrej/php
apt update
apt upgrade
apt install -y php8.0-fpm php8.0-common libapache2-mod-fcgid php8.0-cli apache2
a2enmod proxy_fcgi setenvif
systemctl reload apache2
a2enconf php8.0-fpm
systemctl restart php8.0-fpm

PFMS Web Console dependencies

apt install -y \
  ldap-utils postfix \
  wget graphviz \
  xfonts-75dpi xfonts-100dpi \
  xfonts-ayu xfonts-intl-arabic \
  xfonts-intl-asian xfonts-intl-phonetic \
  xfonts-intl-japanese-big xfonts-intl-european \
  xfonts-intl-chinese xfonts-intl-japanese \
  xfonts-intl-chinese-big libzstd1 \
  gir1.2-atk-1.0 libavahi-common-data \
  cairo-perf-utils libfribidi-bin \
  php8.0-mcrypt php8.0-gd \
  php8.0-curl php8.0-mysql \
  php8.0-ldap php8.0-fileinfo \
  php8.0-gettext php8.0-snmp \
  php8.0-mbstring php8.0-zip \
  php8.0-xmlrpc php8.0-xml \
  php8.0-yaml libnet-telnet-perl \
  whois cron

PFMS server dependencies

apt install -y \
  perl nmap \
  fping sudo \
  net-tools nfdump \
  expect openssh-client \
  postfix unzip \
  xprobe coreutils \
  libmoosex-role-timer-perl libmoosex-perl \
  libdbd-mysql-perl libcrypt-mysql-perl \
  libhttp-request-ascgi-perl liblwp-useragent-chicaching-perl \
  liblwp-protocol-https-perl snmp \
  libnetaddr-ip-perl libio-socket-ssl-perl \
  libio-socket-socks-perl libio-socket-ip-perl \
  libio-socket-inet6-perl libnet-telnet-perl \
  libjson-perl libencode-perl \
  cron libgeo-ip-perl \
  arping snmp-mibs-downloader \
  openjdk-8-jdk

mkdir -m 0755 -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
  sudo gpg --yes --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list

apt update -y
apt-get install -y \
  docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin

systemctl disable docker --now
systemctl disable docker.socket --now

Dependencies for WMI monitoring

curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/wmic
curl -O https://firefly.pandorafms.com/pandorafms/utils/bin/pandorawmic
chmod +x pandorawmic wmic
cp -a wmic /usr/bin/
cp -a pandorawmic /usr/bin/

Fping

rm -f /usr/sbin/fping
ln -s /usr/bin/fping /usr/sbin/fping

Google Chrome Tool

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
dpkg -i google-chrome-stable_current_amd64.deb
ln -s /usr/bin/google-chrome /usr/bin/chromium-browser

VMware Tool

apt install -y \
  lib32z1 lib32z1 \
  build-essential uuid uuid-dev \
  libssl-dev perl-doc \
  libxml-libxml-perl libcrypt-ssleay-perl \
  libsoap-lite-perl libmodule-build-perl
wget https://firefly.pandorafms.com/pandorafms/utils/VMware-vSphere-Perl-SDK-7.0.0-16453907.x86_64.tar.gz
tar -xzvf VMware-vSphere-Perl-SDK-7.0.0-16453907.x86_64.tar.gz
cd vmware-vsphere-cli-distrib/
sed --follow-symlinks -i -e "s/[^#].*show_EULA().*/ #show_EULA();/g" vmware-install.pl
./vmware-install.pl -default
cd ..

Oracle client tool

mkdir -p /opt/oracle
wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-basic-linux.x64-19.8.0.0.0dbru.zip
wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip
rm -fr /opt/oracle/*
unzip instantclient-basic-linux.x64-19.8.0.0.0dbru.zip -d /opt/oracle/
unzip instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip -d /opt/oracle/

cat>> /root/.profile <<'EOF_ENV'
#!/bin/bash
VERSION=19.8
export PATH=$PATH:/opt/oracle/instantclient_19_8
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/oracle/instantclient_19_8
export ORACLE_HOME=/opt/oracle/instantclient_19_8
EOF_ENV
source '/root/.profile'

IPAM dependencies

apt install -y \
  xprobe libnetaddr-ip-perl \
  coreutils libdbd-mysql-perl \
  libxml-simple-perl libgeo-ip-perl \
  libio-socket-inet6-perl libxml-twig-perl \
  libnetaddr-ip-perl

ODBC dependencies for MS SQL

curl -sSL https://packages.microsoft.com/keys/microsoft.asc | \
  tee /etc/apt/trusted.gpg.d/microsoft.asc
curl -sSL https://packages.microsoft.com/config/ubuntu/20.04/prod.list | \
  tee /etc/apt/sources.list.d/microsoft-prod.list
apt update
env ACCEPT_EULA=Y apt install -y msodbcsql17

AppArmor and UFW configuration

systemctl stop ufw.service
systemctl disable ufw
systemctl stop apparmor
systemctl disable apparmor

MySQL installation

curl -O https://repo.percona.com/apt/percona-release_latest.generic_all.deb
apt install -y gnupg2 lsb-release ./percona-release_latest.generic_all.deb
percona-release setup ps80
apt install -y percona-server-server percona-xtrabackup-80

systemctl start mysql

mysql -uroot -p

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'pandora';

create database pandora;

CREATE USER pandora IDENTIFIED BY 'pandora';

ALTER USER 'pandora' IDENTIFIED WITH mysql_native_password BY 'pandora';

GRANT ALL PRIVILEGES ON pandora.* TO 'pandora';

exit;

cat> /etc/mysql/my.cnf <<EOF_DB
[mysqld]
datadir=/var/lib/mysql
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
max_allowed_packet = 64M
innodb_buffer_pool_size = $(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\..*$/M/g")
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack = 256K
max_connections = 100
key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M
skip-log-bin
sql_mode=""
log-error=/var/log/mysql/error.log
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF_DB

systemctl restart mysql

Pandora FMS installation

The download links for the PFMS server and Web Console installers can be requested via this link to obtain a free trial (if you already have a license, you can get them through Warp Update On Line).


wget https://firefly.pandorafms.com/pandorafms/LTS/pandorafms_one_agent_linux-lts.tar.gz

PFMS console installation

In this case, it is the latest LTS version (the file name may differ):

tar xvzf pandorafms_server-lts.tar.gz

cp -Ra pandora_console /var/www/html/

rm -f /var/www/html/pandora_console/*.spec

PFMS server installation

In this case, it is the latest LTS version (the file name may differ):

useradd pandora

mv pandorafms_server-7.0NG.tar.gz /opt/pandora/deploy/

cd /opt/pandora/deploy

tar xvfz pandorafms_server-lts.tar.gz

cd pandora_server

./pandora_server_installer --install

PFMS agent installation

apt install -y libyaml-tiny-perl perl coreutils wget curl unzip procps python3 python3-pip

mv pandorafms_agent_linux-7.0NG.tar.gz /opt/pandora/deploy/

cd /opt/pandora/deploy

tar xvzf pandorafms_one_agent_linux-lts.tar.gz

cd unix

./pandora_agent_installer --install

cp -a tentacle_client /usr/local/bin/

GoTTY installation

cd /opt/pandora/deploy

wget https://firefly.pandorafms.com/pandorafms/utils/gotty_linux_amd64.tar.gz

tar xvzf gotty_linux_amd64.tar.gz

mv gotty /usr/bin/

SSL configuration

cat> /etc/apache2/conf-available/ssl-params.conf <<EOF_PARAM
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

     SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

     SSLHonorCipherOrder On

     Header always set X-Frame-Options DENY

     Header always set X-Content-Type-Options nosniff

     # Requires Apache >= 2.4

     SSLCompression off

     SSLUseStapling on

     SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

     # Requires Apache >= 2.4.11

     SSLSessionTickets Off
EOF_PARAM

a2enmod ssl
a2enmod headers
a2enmod rewrite
a2enconf ssl-params
a2ensite default-ssl
a2enconf ssl-params
apache2ctl configtest

systemctl restart apache2
systemctl enable mysql --now
systemctl enable apache2 --now
systemctl enable php8.0-fpm --now

Structure and data in MySQL

mysql -uroot -ppandora

use pandora;

source /var/www/html/pandora_console/pandoradb.sql

source /var/www/html/pandora_console/pandoradb_data.sql

exit;

PHP and Apache2 configuration

cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="pandora";
\$config["dbuser"]="pandora";
\$config["dbpass"]="pandora";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/apache2/conf-enabled/pandora_security.conf <<EO_CONFIG_F
ServerTokens Prod
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EO_CONFIG_F

chmod 600 /var/www/html/pandora_console/include/config.php

chown -R www-data:www-data /var/www/html/pandora_console

mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done

ln -s /etc/php/8.0/fpm/php.ini /etc/

sed --follow-symlinks -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini

sed --follow-symlinks -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini

sed --follow-symlinks -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini

sed --follow-symlinks -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini

sed --follow-symlinks -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini

sed --follow-symlinks -i -e "s/^disable_functions/;disable_functions/" /etc/php.ini

cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

systemctl restart apache2

systemctl restart php8.0-fpm

PFMS agent and server configuration

cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^#.mssql_driver.*/mssql_driver 17/g" /etc/pandora/pandora_server.conf

grep -q "group www-data" /etc/pandora/pandora_server.conf || \
cat>> /etc/pandora/pandora_server.conf<<EOF_G
#Adding group www-data to assigning remote-config permission correctly for ubuntu 22.04
group www-data
EOF_G

sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_agent.conf

cat> /etc/pandora/pandora_server.env <<'EOF_ENV'
#!/bin/bash
VERSION=19.8
export PATH=$PATH:/opt/oracle/instantclient_19_8
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/oracle/instantclient_19_8
export ORACLE_HOME=/opt/oracle/instantclient_19_8
export OPENSSL_CONF=/etc/ssl
EOF_ENV

cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization
#default=5
net.ipv4.tcp_syn_retries = 3
#default=5
net.ipv4.tcp_synack_retries = 3
#default=1024
net.ipv4.tcp_max_syn_backlog = 65536
#default=124928
net.core.wmem_max = 8388608
#default=131071
net.core.rmem_max = 8388608
#default = 128
net.core.somaxconn = 1024

#default = 20480
net.core.optmem_max = 81920

EO_KO

sysctl --system

chown pandora:www-data /var/log/pandora

chmod g+s /var/log/pandora

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
         su root apache
         weekly
         missingok
         size 300000
         rotate 3
         maxage 90
         compress
         notifempty
         copytruncate
         create 660 pandora apache
}

/var/log/pandora/pandora_snmptrap.log {
         su root apache
         weekly
         missingok
         size 500000
         rotate 1
         maxage 30
         notifempty
         copytruncate
         create 660 pandora apache
}

EO_LR

cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
         su root apache
         weekly
         missingok
         size 300000
         rotate 3
         maxage 90
         compress
         notifempty
         copytruncate
}

EO_LRA

chmod 0644 /etc/logrotate.d/pandora_server

chmod 0644 /etc/logrotate.d/pandora_agent

Tentacle et cron

/etc/init.d/pandora_server start

systemctl enable pandora_server

service tentacle_server start

systemctl enable tentacle_server

echo "* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep-session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php >> /var/www/html/pandora_console/log/cron.log" >> /etc/crontab

echo "@hourly root bash -c /etc/cron.hourly/pandora_db">> /etc/crontab

Remote configuration of the agent:

sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_agent.conf

/etc/init.d/pandora_agent_daemon start

systemctl enable pandora_agent_daemon

Connecting to PFMS

To access the Web Console, enter the IP address (or URL) of the machine followed by /pandora_console/.

The default login credentials are as follows:

  • user: admin
  • password: pandora
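
A check for the default values this installation leaves in place (the 'pandora' database password, the config.php mode, the installer file, the snmptrapd authorization setting), as an added example that is not part of Pandora FMS or its documentation. The function names and finding labels are hypothetical, the sample tree is constructed, and `stat -c` assumes GNU coreutils as shipped with Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: report the default values this guide writes at install time.
# audit_pfms, demo_root and the finding labels are hypothetical names.
audit_pfms() {
  local root="${1%/}"
  local console="$root/var/www/html/pandora_console"
  local cfg="$console/include/config.php"
  local srv="$root/etc/pandora/pandora_server.conf"
  local snmp="$root/etc/snmp/snmptrapd.conf"

  # Console and server still use the database password 'pandora' from the guide.
  if grep -Eqs '\["dbpass"\][[:space:]]*=[[:space:]]*"pandora"' "$cfg"; then
    echo "DEFAULT_DBPASS_CONSOLE $cfg"
  fi
  if grep -Eqs '^dbpass[[:space:]]+pandora[[:space:]]*$' "$srv"; then
    echo "DEFAULT_DBPASS_SERVER $srv"
  fi
  # config.php holds credentials; the guide sets it to mode 600.
  if [ -f "$cfg" ] && [ "$(stat -c %a "$cfg")" != "600" ]; then
    echo "CONFIG_MODE_NOT_600 $cfg"
  fi
  # The guide renames install.php to install.done; flag it if still present.
  if [ -e "$console/install.php" ]; then
    echo "INSTALLER_PRESENT $console/install.php"
  fi
  # snmptrapd accepts traps from any sender when authorization is disabled.
  if grep -Eqs '^[[:space:]]*disableAuthorization[[:space:]]+yes' "$snmp"; then
    echo "SNMPTRAP_NO_AUTH $snmp"
  fi
  return 0
}

# Constructed sample tree (not a real host) mirroring the files written above.
demo_root() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/var/www/html/pandora_console/include" "$d/etc/pandora" "$d/etc/snmp"
  printf '%s\n' '<?php' '$config["dbpass"]="pandora";' \
    > "$d/var/www/html/pandora_console/include/config.php"
  chmod 644 "$d/var/www/html/pandora_console/include/config.php"
  printf 'dbpass pandora\n' > "$d/etc/pandora/pandora_server.conf"
  printf 'authCommunity log public\ndisableAuthorization yes\n' \
    > "$d/etc/snmp/snmptrapd.conf"
  echo "$d"
}

audit_pfms "$(demo_root)"   # on a real host: audit_pfms /
```

Each output line is a finding label followed by the file that triggered it; an empty result means none of the checked defaults remain.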
