Guide d'installation de Pandora FMS sur Rocky Linux

Exigences préalables

Rocky Linux 8 avec des droits d'utilisateur root.
Connexion à l'internet.

Configuration du référentiel

dnf install -y \
 epel-release \
 tar \
 dnf-utils \
 http://rpms.remirepo.net/enterprise/remi-release-8.rpm

dnf module reset php

dnf module install -y php:remi-8.2

dnf config-manager --set-enabled powertools

Installation de la base de données Percona

dnf install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm

dnf module disable -y mysql

rm -rf /etc/my.cnf

percona-release setup ps80 -y

dnf install -y percona-server-server percona-xtrabackup-80

Installation des dépendances de la console Web

dnf install -y \
    php \
    postfix \
    php-mcrypt \
    php-cli \
    php-gd \
    php-curl \
    php-session \
    php-mysqlnd \
    php-ldap \
    php-zip \
    php-zlib \
    php-fileinfo \
    php-gettext \
    php-snmp \
    php-mbstring \
    php-pecl-zip \
    php-xmlrpc \
    php-fpm \
    php-xml \
    php-yaml \
    libxslt \
    wget \
    httpd \
    mod_php \
    atk \
    avahi-libs \
    cairo \
    cups-libs \
    fribidi \
    gd \
    gdk-pixbuf2 \
    ghostscript \
    graphite2 \
    graphviz \
    gtk2 \
    harfbuzz \
    hicolor-icon-theme \
    hwdata \
    jasper-libs \
    lcms2 \
    libICE \
    libSM \
    libXaw \
    libXcomposite \
    libXcursor \
    libXdamage \
    libXext \
    libXfixes \
    libXft \
    libXi \
    libXinerama \
    libXmu \
    libXrandr \
    libXrender \
    libXt \
    libXxf86vm \
    libcroco \
    libdrm \
    libfontenc \
    libglvnd \
    libglvnd-egl \
    libglvnd-glx \
    libpciaccess \
    librsvg2 \
    libthai \
    libtool-ltdl \
    libwayland-client \
    libwayland-server \
    libxshmfence \
    mesa-libEGL \
    mesa-libGL \
    mesa-libgbm \
    mesa-libglapi \
    pango \
    pixman \
    xorg-x11-fonts-75dpi \
    xorg-x11-fonts-misc \
    poppler-data \
    mod_ssl \
    libzstd \
    openldap-clients \
    https://firefly.pandorafms.com/centos8/chromium-122.0.6261.128-1.el8.x86_64.rpm \
    https://firefly.pandorafms.com/centos8/chromium-common-122.0.6261.128-1.el8.x86_64.rpm \
    http://firefly.pandorafms.com/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm \
    http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm

Installation des dépendances du serveur PFMS

dnf install -y \
    perl \
    vim \
    fping \
    perl-IO-Compress \
    nmap \
    sudo \
    perl-Time-HiRes \
    nfdump \
    net-snmp-utils \
    'perl(NetAddr::IP)' \
    'perl(Sys::Syslog)' \
    'perl(DBI)' \
    'perl(XML::Simple)' \
    'perl(Geo::IP)' \
    'perl(IO::Socket::INET6)' \
    'perl(XML::Twig)' \
    expect \
    openssh-clients \
    java \
    bind-utils \
    whois \
    libnsl \
    http://firefly.pandorafms.com/centos7/xprobe2-0.3-12.2.x86_64.rpm \
    http://firefly.pandorafms.com/centos7/wmic-1.4-1.el7.x86_64.rpm \
    https://firefly.pandorafms.com/centos8/pandorawmic-1.0.0-1.x86_64.rpm

Dépendances Perl et VMware

dnf install -y \
    perl-Net-HTTP \
    perl-libwww-perl \
    openssl-devel \
    perl-Crypt-CBC \
    perl-Bytes-Random-Secure \
    perl-Crypt-Random-Seed \
    perl-Math-Random-ISAAC \
    perl-JSON \
    perl-Crypt-SSLeay \
    http://firefly.pandorafms.com/centos8/perl-Crypt-OpenSSL-AES-0.02-1.el8.x86_64.rpm \
    http://firefly.pandorafms.com/centos8/VMware-vSphere-Perl-SDK-6.5.0-4566394.x86_64.rpm

Installation du client Oracle

dnf install -y \
  https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-basic-19.8.0.0.0-1.x86_64.rpm \
  https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-sqlplus-19.8.0.0.0-1.x86_64.rpm

Installation des dépendances pour Discovery PFMS

curl https://packages.microsoft.com/config/rhel/8/prod.repo -o /etc/yum.repos.d/mssql-release.repo

dnf remove unixODBC-utf16 unixODBC-utf16-devel

env ACCEPT_EULA=Y dnf install -y msodbcsql17

Paramètres du système d'exploitation et création de la base de données

setenforce 0

sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

systemctl disable firewalld --now

cat> /etc/my.cnf <<EO_CONFIG_TMP
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EO_CONFIG_TMP

systemctl start mysqld

grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev
mysql -uroot -p"contraseña";

SET PASSWORD FOR 'root'@'localhost' = 'Pandor4!';

UNINSTALL COMPONENT 'file://component_validate_password';

SET PASSWORD FOR 'root'@'localhost' = 'pandora';

CREATE DATABASE pandora;

CREATE USER 'pandora'@'%' IDENTIFIED BY 'pandora';

ALTER USER 'pandora'@'%' IDENTIFIED WITH mysql_native_password BY 'pandora';
GRANT ALL PRIVILEGES ON pandora.* TO 'pandora'@'%';

exit

POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")

cat> /etc/my.cnf <<EO_CONFIG_F
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
character-set-server=utf8mb4
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results

max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 300
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100

key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M

skip-log-bin

sql_mode=""

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

EO_CONFIG_F

systemctl restart mysqld

systemctl enable mysqld --now

Installation de la console et du serveur Pandora FMS

Les liens de téléchargement pour les installateurs du PFMS server et de la Console Web peuvent être demandés via ce lien et obtenir un essai (démo) gratuit.

Pour installer l'agent logiciel PFMS:

wget https://firefly.pandorafms.com/pandorafms/latest/pandorafms_one_agent_linux_bin-latest.el8.x86_64.rpm

dnf install -y ./pandorafms*.rpm

wget https://firefly.pandorafms.com/pandorafms/utils/gotty_linux_amd64.tar.gz

tar xvzf gotty_linux_amd64.tar.gz

mv gotty /usr/bin/

systemctl enable mysqld --now

systemctl enable httpd --now

mysql -upandora -ppandora

use pandora;

source /var/www/html/pandora_console/pandoradb.sql;

source /var/www/html/pandora_console/pandoradb_data.sql;

exit;

cat> /var/www/html/pandora_console/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="pandora";
\$config["dbuser"]="pandora";
\$config["dbpass"]="pandora";
\$config["dbhost"]="127.0.0.1";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/httpd/conf.d/pandora.conf <<EO_CONFIG_F
ServerTokens Prod
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EO_CONFIG_F

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/images/.htaccess

sed -i -e "s/php_flag engine off//g" /var/www/html/pandora_console/attachment/.htaccess

chmod 600 /var/www/html/pandora_console/include/config.php

chown apache. /var/www/html/pandora_console/include/config.php

mv /var/www/html/pandora_console/install.php /var/www/html/pandora_console/install.done

sed -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini

sed -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini

sed -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini

sed -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini

sed -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini

echo 'TimeOut 900'> /etc/httpd/conf.d/timeout.conf

cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

systemctl restart httpd

systemctl restart php-fpm

cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

sed -i -e "s/^dbhost.*/dbhost 127.0.0.1/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbname.*/dbname pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbuser.*/dbuser pandora/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^dbpass.*|dbpass pandora|g" /etc/pandora/pandora_server.conf

sed -i -e "s/^dbport.*/dbport 3306/g" /etc/pandora/pandora_server.conf

sed -i -e "s/^#.mssql_driver.*/mssql_driver ODBC Driver 17 for SQL Server/g" /etc/pandora/pandora_server.conf

sed -i -e "s|^fping.*|fping /usr/sbin/fping|g" /etc/pandora/pandora_server.conf

sed -i "s/^remote_config.*$/remote_config 1/g" /etc/pandora/pandora_server.conf

cat> /etc/pandora/pandora_server.env <<'EOF_ENV'
#!/bin/bash
VERSION=19.8
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV

cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization

# default=5
net.ipv4.tcp_syn_retries = 3

# default=5
net.ipv4.tcp_synack_retries = 3

# default=1024
net.ipv4.tcp_max_syn_backlog = 65536

# default=124928
net.core.wmem_max = 8388608

# default=131071
net.core.rmem_max = 8388608

# default = 128
net.core.somaxconn = 1024

# default = 20480
net.core.optmem_max = 81920

EO_KO

sysctl --system

chown pandora:apache /var/log/pandora

chmod g+s /var/log/pandora

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
        create 660 pandora apache
}

/var/log/pandora/pandora_snmptrap.log {
        su root apache
        weekly
        missingok
        size 500000
        rotate 1
        maxage 30
        notifempty
        copytruncate
        create 660 pandora apache
}

EO_LR

cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
}

EO_LRA

chmod 0644 /etc/logrotate.d/pandora_server

chmod 0644 /etc/logrotate.d/pandora_agent

systemctl enable pandora_server --now

/etc/init.d/pandora_server start

systemctl enable tentacle_serverd

service tentacle_serverd start

echo \"* * * * * root wget -q -O - --no-check-certificate --load-cookies /tmp/cron-session-cookies --save-cookies /tmp/cron-session-cookies --keep session-cookies http://127.0.0.1/pandora_console/enterprise/cron.php>> /var/www/html/pandora_console/log/cron.log\">> /etc/crontab

systemctl enable pandora_agent_daemon

systemctl start pandora_agent_daemon

Connexion à PFMS

Pour accéder à la console Web, tapez l'adresse IP (ou URL) de l'appareil suivie de /pandora_console/ .

Les identifiants de connexion par défaut sont :

utilisateur : admin
mot de passe : pandora

Retour à l'index de la documentation du Pandora FMS

Table des matières