实验中,服务器的信息:
[root@redhat8 ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@redhat8 ~]# uname -r
4.18.0-193.el8.x86_64
[root@redhat8 ~]# hostname
redhat8.zhuohua.store
[root@redhat8 ~]# cat /etc/hostname
redhat8.zhuohua.store
[root@redhat8 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:15:ba:0c brd ff:ff:ff:ff:ff:ff
inet 192.168.168.155/24 brd 192.168.168.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::92ab:5fb4:5373:ad53/64 scope link noprefixroute
valid_lft forever preferred_lft forever
LNMPA环境的安装:
[root@redhat8 ~]# tar -zxvf lnmp1.7-full.tar.gz
[root@redhat8 ~]# cd lnmp1.7-full
[root@redhat8 lnmp1.7-full]# CheckMirror=n ./install.sh lnmpa
注释: CheckMirror=n 使用本地光盘作为Yum源,不需要连公网。
选择数据库版本:
设置数据库用户root@localhost的密码:(以下是把密码设置为 888 )
启用InnoDB Storage Engine,输入 Y 再按回车键:
选择PHP版本:
选择是否安装内存优化:
备注:Jemalloc、TCMalloc都是是内存分配器。
需要设置管理员邮箱,该邮箱会在报错时显示在错误页面上:
选择Apache的版本:
安装或取消安装:
下面是全自动安装的^_^ ^_^
安装成功了:(安装好后,最好重启一下服务器)
查看Jemalloc是否正常运行:(只有Nginx和MariaDB使用了Jemalloc)
[root@redhat8 ~]# lsof -n |grep jemalloc
nginx 1039 root mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
nginx 1049 www mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1799 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1835 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1836 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1837 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1838 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1839 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1840 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1841 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1842 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1843 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1844 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1963 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1964 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1965 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1966 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1967 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 1968 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 2135 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
mysqld 1751 2193 mysqld mariadb mem REG 253,0 6123824 201991471 /usr/local/lib/libjemalloc.so.2
查看Nginx的编译参数:
[root@redhat8 ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-openssl=/root/lnmp1.7-full/src/openssl-1.1.1g --with-openssl-opt='enable-weak-ssl-ciphers' --with-ld-opt='-ljemalloc'
MariaDB的主配置文件:
[root@redhat8 ~]# cat /etc/my.cnf |grep -v "^$"
[client]
#password = your_password
port = 3306
socket = /tmp/mysql.sock
[mysqld]
port = 3306
socket = /tmp/mysql.sock
user = mariadb
basedir = /usr/local/mariadb
datadir = /usr/local/mariadb/var
log_error = /usr/local/mariadb/var/mariadb.err
pid-file = /usr/local/mariadb/var/mariadb.pid
skip-external-locking
key_buffer_size = 32M
max_allowed_packet = 1M
table_open_cache = 128
sort_buffer_size = 768K
net_buffer_length = 8K
read_buffer_size = 768K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
thread_cache_size = 16
query_cache_size = 16M
tmp_table_size = 32M
#skip-networking
max_connections = 500
max_connect_errors = 100
open_files_limit = 65535
log-bin=mysql-bin
binlog_format=mixed
server-id = 1
expire_logs_days = 10
default_storage_engine = InnoDB
innodb_file_per_table = 1
innodb_data_home_dir = /usr/local/mariadb/var
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /usr/local/mariadb/var
innodb_buffer_pool_size = 128M
innodb_additional_mem_pool_size = 2M
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 32M
sort_buffer_size = 768K
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
[mysqld_safe]
malloc-lib=/usr/lib/libjemalloc.so
PHP的主配置文件:
[root@redhat8 ~]# find / -name "php.ini"
/usr/local/php/etc/php.ini
PHP的版本信息:
[root@redhat8 ~]# php -v
PHP 5.5.38 (cli) (built: Aug 16 2021 18:36:35)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
Apache的版本信息:
[root@redhat8 ~]# find / -name httpd
/etc/rc.d/init.d/httpd
/usr/local/apache/bin/httpd
[root@redhat8 ~]#
[root@redhat8 ~]# /usr/local/apache/bin/httpd -v
Server version: Apache/2.4.46 (Unix)
Server built: Aug 16 2021 18:20:03
[root@redhat8 ~]#
[root@redhat8 ~]# /usr/local/apache/bin/httpd -V
Server version: Apache/2.4.46 (Unix)
Server built: Aug 16 2021 18:20:03
Server's Module Magic Number: 20120211:93
Server loaded: APR 1.7.0, APR-UTIL 1.6.1
Compiled using: APR 1.7.0, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_PROC_PTHREAD_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/usr/local/apache"
-D SUEXEC_BIN="/usr/local/apache/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
安装snmp、rrdtool:(使用本地光盘作为Yum源即可)
[root@redhat8 ~]# yum -y install php-snmp net-snmp-utils rrdtool
安装Cacti:
tar -zxvf cacti-0.8.8b.tar.gz -C /usr/local/
mv -f /usr/local/cacti-0.8.8b/ /home/wwwroot/default/cacti
chown -R www:www /home/wwwroot/default/cacti
给Cacti创建库和用户:
[root@redhat8 ~]# mysql -uroot -p888
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.68-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database cacti CHARACTER SET latin1;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show create database cacti;
+----------+------------------------------------------------------------------+
| Database | Create Database |
+----------+------------------------------------------------------------------+
| cacti | CREATE DATABASE `cacti` /*!40100 DEFAULT CHARACTER SET latin1 */ |
+----------+------------------------------------------------------------------+
1 row in set (0.00 sec)
MariaDB [(none)]> grant all on cacti.* to cactiuser@localhost identified by '123';
Query OK, 0 rows affected (0.00 sec)
查看所有数据库用户及其主机信息:
MariaDB [(none)]> select user,host from mysql.user;
+-----------+-----------+
| user | host |
+-----------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| cactiuser | localhost |
| root | localhost |
+-----------+-----------+
4 rows in set (0.00 sec)
查看数据库用户cactiuser@localhost的权限:
MariaDB [(none)]> show grants for cactiuser@localhost;
+------------------------------------------------------------------------------------------------------------------+
| Grants for cactiuser@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'cactiuser'@'localhost' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
| GRANT ALL PRIVILEGES ON `cacti`.* TO 'cactiuser'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
将目录/home/wwwroot/default/cacti/里的cacti.sql 导入到MariaDB的库cacti里:
[root@redhat8 ~]# mysql -uroot -p888 cacti < /home/wwwroot/default/cacti/cacti.sql
查看库cacti里的表:(截图有省略)
mysql -uroot -p888 -e "use cacti;show tables;"
修改Cacti的配置文件里的数据库连接信息:
[root@redhat8 ~]# vi /home/wwwroot/default/cacti/include/config.php
Cacti的URL PATH:(登录Cacti的Web页面的格式 http://服务器IP/cacti/ )
保存文件后,重启Apache:
[root@redhat8 ~]# systemctl restart httpd
要先运行以下脚本,删掉PHP被禁用的函数:(不然Cacti会检测不到数据)
[root@redhat8 ~]# cd lnmp1.7-full/tools/
[root@redhat8 tools]# bash remove_disable_function.sh
重启Apache:
[root@redhat8 ~]# systemctl restart httpd
先手动运行几次以下的命令:
[root@redhat8 ~]# /usr/bin/php /home/wwwroot/default/cacti/poller.php
修改crontab文件,添加RRDtool抓图任务计划:
[root@redhat8 ~]# crontab -e
追加:
*/5 * * * * /usr/bin/php /home/wwwroot/default/cacti/poller.php
######
从Windows客户端安装:
http://192.168.168.155/cacti/
默认登录用户名和密码均为 admin
强制修改初始密码的:
Cacti的主界面:
######
添加Monitor,Thold等插件:
cd /root/cacti-plugin/
tar -zxvf cacti-plugin-0.8.7g-PA-v2.8.tar.gz -C /tmp/
cd /home/wwwroot/default/cacti/
patch -p1 -N < /tmp/cacti-plugin-arch/cacti-plugin-0.8.7g-PA-v2.8.diff
cd /home/wwwroot/default/cacti/plugins
tar -zxvf /root/cacti-plugin/monitor-0.8.2.tar.gz
tar -zxvf /root/cacti-plugin/settings-0.5.tar.gz
tar -zxvf /root/cacti-plugin/thold-0.4.3.tar.gz
mysql -u root -p888 cacti < monitor/monitor.sql
mysql -u root -p888 cacti < thold/thold.sql
再次修改Cacti的配置文件:
[root@redhat8 ~]# vi /home/wwwroot/default/cacti/include/config.php
修改为:(登录Cacti的Web页面的格式 http://服务器IP/cacti/ )
保存文件后,重启Apache:
[root@redhat8 ~]# systemctl restart httpd
######
登录Cacti的Web页面 http://192.168.168.155/cacti/
点击左边导航栏“concle”》“Configuration”下的“Plugin Management”:
分别单击按钮进行激活:
以下是已激活状态:
插件安装成功了:
插件“thold”:
插件“monitor”:
查看本机的图形信息:(要等一下才有图像出来的)
Cacti使用SNMPv3监控Ubuntu18.04.5
被监控主机的信息:
zhuohua@zhuohua_ubuntu:~$ cat /etc/issue
Ubuntu 18.04.5 LTS \n \l
zhuohua@zhuohua_ubuntu:~$ uname -r
4.15.0-112-generic
zhuohua@zhuohua_ubuntu:~$ hostname
zhuohua_ubuntu
zhuohua@zhuohua_ubuntu:~$ cat /etc/hostname
zhuohua_ubuntu
初始化系统管理员root的密码:
zhuohua@zhuohua_ubuntu:~$ sudo passwd root
[sudo] password for zhuohua: #先输入当前用户的密码
Enter new UNIX password: #输入系统管理员root的新密码
Retype new UNIX password: #输入系统管理员root的新密码
passwd: password updated successfully
切换到系统管理员root:
zhuohua@zhuohua_ubuntu:~$ su - root
Password: #输入系统管理员root的密码
root@zhuohua_ubuntu:~# pwd
/root
查看网卡的IP地址:
root@zhuohua_ubuntu:~# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.168.143 netmask 255.255.255.0 broadcast 192.168.168.255
inet6 fe80::20c:29ff:fead:cd7c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ad:cd:7c txqueuelen 1000 (Ethernet)
RX packets 39691 bytes 33642045 (33.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26027 bytes 4427142 (4.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
被监控主机安装SNMP相关软件包:(要连接公网)
root@zhuohua_ubuntu:~# sudo apt-get update
root@zhuohua_ubuntu:~# apt-get -y install snmpd snmp snmp-mibs-downloader
SNMP服务默认已启动:
root@zhuohua_ubuntu:~# ps -ef |grep snmpd |grep -v grep
Debian-+ 4971 1 0 14:44 ? 00:00:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
SNMP服务默认会开机自动启动:
root@zhuohua_ubuntu:~# systemctl is-enabled snmpd
enabled
本机测试SNMP服务是否正常:(默认就是使用SNMPv2c)
root@zhuohua_ubuntu:~# snmpwalk -v 2c -c public localhost 1.3.6.1.2.1.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "Linux zhuohua_ubuntu 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64"
配置SNMPv3:
要修改SNMP服务的三个配置文件:
root@zhuohua_ubuntu:~# vi /etc/default/snmpd
SNMPDOPTS='-Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
修改为:
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
root@zhuohua_ubuntu:~# vi /etc/snmp/snmpd.conf
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
修改为:
#view systemonly included .1.3.6.1.2.1.1
#view systemonly included .1.3.6.1.2.1.25.1
view systemonly included .1
# Listen for connections from the local system only
agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
修改为:
# Listen for connections from the local system only
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
文件后面追加:
createUser user1 MD5 user1password
createUser user2 MD5 user2password AES user3encryption
rouser user1 auth 1.3.6.1.2.1
rwuser user2 priv 1.3.6.1.2.1
注释:
用户user1使用的是SNMP v3的 authNoPriv(认证但是不加密)
用户user2使用的是SNMP v3的 authPriv(既认证又加密)
root@zhuohua_ubuntu:~# vi /etc/snmp/snmp.conf
mibs :
修改为:
#mibs :
重启SNMP服务:
root@zhuohua_ubuntu:~# systemctl restart snmpd
本地测试:
root@zhuohua_ubuntu:~# snmpwalk -v 3 -u user1 -a MD5 -A "user1password" -l authNoPriv 127.0.0.1
root@zhuohua_ubuntu:~# snmpwalk -v 3 -u user2 -a MD5 -A "user2password" -l authPriv -x AES128 -X user3encryption 127.0.0.1
root@zhuohua_ubuntu:~# sudo netstat -antup | grep 161
udp 0 0 0.0.0.0:161 0.0.0.0:* 5336/snmpd
Ubuntu的防火墙默认是关闭状态:
root@zhuohua_ubuntu:~# sudo ufw status
Status: inactive
现在开启防火墙,并在系统启动时自动开启防火墙:
root@zhuohua_ubuntu:~# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@zhuohua_ubuntu:~# sudo ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
#允许所有的外部IP访问本机的22/tcp(ssh)端口:
root@zhuohua_ubuntu:~# sudo ufw allow 22/tcp
Rule added
Rule added (v6)
#允许所有的外部IP访问本机的161/udp端口:
root@zhuohua_ubuntu:~# sudo ufw allow 161/udp
Rule added
Rule added (v6)
root@zhuohua_ubuntu:~# sudo ufw reload
Firewall reloaded
查看防火墙状态:
sudo ufw status
######
在Cacti服务器远程测试被监控主机的SNMP服务是否正常:
[root@redhat8 ~]# snmpwalk -v 3 -u user1 -a MD5 -A "user1password" -l authNoPriv 192.168.168.143
[root@redhat8 ~]# snmpwalk -v 3 -u user2 -a MD5 -A "user2password" -l authPriv -x AES128 -X user3encryption 192.168.168.143
######
Cacti服务器导入新的Linux主机模板:( Import Templates )
上传模板:
注释:文件从Windows客户端上传的。
导入模板:
导入成功:
######
Cacti服务器添加被监控主机:
1. 添加主机:
备注:不要用中文。
用户user1使用的是SNMP v3的 authNoPriv(认证但是不加密):
2. 为主机添加图形:
保存成功后,点击右上边的 *Create Graphs for this Host (为这个主机新建图形)
将需要的选项右边的复选框勾上,对应项就会变成黄色;选好后,点击右下角的 Create
3.把主机添加到树:
点击导航栏中“Management”下的“Graph Trees”,再点击右上角的“Add”:(创建新的树)
进入指定的树,点击“Add”:
主机成功添加到树:
正常的话,图形是有数值出现的:(需要等一段时间,才会出现的)
笺注:
用户user2使用的是SNMP v3的 authPriv(既认证又加密):
相关文章:
CentOS8_lnmp1.7_LAMP_安装Cacti
Zabbix使用自编译/预编译Agent监控Ubuntu18.04.5
Zabbix5.0.12_使用SNMP监控iKuai路由器(SNMPv3+SNMP OID)
MariaDB10.3使用Jemalloc
Nginx/1.14.2编译安装使用Jemalloc |