1. 安裝基礎軟體

---

基本環境介紹：

1.1安裝基礎軟體包

安裝 Cacti 需要 Mysql，PHP，RRDTool，net-snmp 和 支援 PHP 的 Web伺服器，如 Apache，Nginx 或 IIS等。
軟體版本要求：

1. PHP 5.4+ https://php.net/
2. MySQL 5.6+ https://mysql.com/
3. RRDtool 1.3+, 1.5+ recommended http://oss.oetiker.ch/rrdtool/
4. NET-SNMP 5.5+
5. Web Server with PHP support

安裝mysql資料庫

配置MariaDB官方yum源，這裡安裝mariadb10.3.5版本：

[[email protected] ~]# vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name=MariaDB
baseurl= http://yum.mariadb.org/10.3.5/centos74-amd64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB  
gpgcheck=1

安裝mariadb server和mariadb client

[[email protected]
 
 ~]# yum install -y MariaDB-server MariaDB-client MariaDB-devel
Installed:
MariaDB-client.x86_64 0:10.3.5-1.el7.centos
MariaDB-devel.x86_64 0:10.3.5-1.el7.centos
MariaDB-server.x86_64 0:10.3.5-1.el7.centos

安裝httpd和php

# yum install -y httpd php

這裡安裝Apache/2.4.6和php5.4.16

[root@cacti ~]# httpd -v
Server
 
 version: Apache/2.4.6 (CentOS)
Server built:   Jun 27 2018 13:48:59
[root@cacti ~]# php -v
PHP 5.4.16 (cli) (built: Apr 12 2018 19:02:01) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

安裝php擴充套件

# yum install –y php-mysql php-snmp php-xml php-ldap php-gd php-mbstring php-posix

安裝net-snmp簡單網路管理協議

# yum install –y net-snmp net-snmp-libs net-snmp-utils net-snmp-devel net-snmp-perl

安裝RRDTool 繪圖工具

# yum install –y rrdtool rrdtool-devel rrdtool-php rrdtool-perl perl-devel perl-CPAN perl-YAML

1.2 配置webserver

檢視httpd.conf配置檔案，確保包含以下內容：

[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

配置php.conf配置檔案，末尾新增以下內容：

[root@cacti ~]# vim /etc/httpd/conf.d/php.conf
........
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
LoadModule php5_module modules/libphp5.so
#
# Cause the PHP interpreter to handle files with a .php extension.
AddHandler php5-script .php
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
DirectoryIndex index.php

啟動httpd服務並設為開機啟動

# systemctl start httpd && systemctl enable httpd

1.3 配置PHP

請確保為以下PHP擴充套件模組內建或安裝了PHP支援：
• mysql (For configuration, see note below)
• SNMP (For configuration, see note below)
• XML
• Session
• Sockets
• LDAP (Required only when using LDAP authentication)
• GD (Required only for some Plugins)
您可以執行以下命令來獲取所有可用PHP模組的列表：php –m
修改php.ini配置檔案,新增或找到如下內容
關閉安全模式並修改時區

[[email protected] ~]# vim /etc/php.ini
[PHP]
safe_mode = Off
……
date.timezone = Asia/Shanghai

測試php與apache解析是否正常，建立php測試頁面

[[email protected] ~]# vim /var/www/html/index.php
<?php
    phpinfo();
?>

重啟httpd服務並進行測試:

如果cacti目錄不在apache目錄下，參考如下設定，這裡省略。

In case you do not install Cacti to the default web directory, put the following as cacti.conf into /etc/httpd/conf.d. Change /your/cacti/dir to your cacti directory name. Change the Allow from 127.0.0.1 directive to whatever you need (e.g. the subnets in your company). Follow the hints given in the comments, especially when using SELinux!

# Cacti - the complete rrdtool-based graphing solution
# 
# Allows only localhost by default
#
# Allowing cacti to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

# Make sure, that httpd can read your cacti directories.
# At minimum, you need
#    chmod ugo+r -R /your/cacti/dir
# Make sure to replace with your directories

# When using SELinux, set the following:
#    chcon -R -h -t httpd_sys_content_t /your/cacti/dir
# when using SELinux and you private homedir, enable
#    setsebool -P httpd_enable_homedirs 1
#    setsebool -P httpd_read_user_content 1

Alias /cacti /your/cacti/dir
<Directory /your/cacti/dir>
   AllowOverride None
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1
   Allow from ::1
   Options Indexes Includes FollowSymLinks
</Directory>

# These directories do not require access over HTTP 
#
<Directory /your/cacti/dir/cli>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

1.4配置MYSQL

啟動mysql資料庫服務並設為開機啟動

[root@localhost ~]# systemctl start mariadb && systemctl enable mariadb

初始化MariaDB資料庫,主要建立mysql資料庫密碼，然後全部Y下一步：

[root@localhost ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):   //當前資料庫密碼為空，直接按回車鍵
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y    //輸入要為root管理員設定的密碼（資料庫root非linux root）
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y    //刪除匿名賬號
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y   //禁止root管理員從遠端登入
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y   //刪除test資料庫並取消對它的訪問許可權
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y   //重新整理授權表，讓初始化後的設定立即生效
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

這裡在上面初始化過程中資料庫root密碼設定為123456，登陸資料庫驗證密碼設定是否正確

[[email protected] ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.3.5-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 

修改mysql配置檔案，在[server]下增加如下內容

[[email protected] ~]# vim /etc/my.cnf.d/server.cnf
[server]

# this is only for the mysqld standalone daemon
character_set_server = utf8mb4
collation-server = utf8mb4_unicode_ci
max_heap_table_size = 256M
max_allowed_packet = 16777216
tmp_table_size = 64M
join_buffer_size = 64M
innodb_file_per_table = ON
innodb_buffer_pool_size = 1024M
innodb_doublewrite = OFF
#innodb_additional_mem_pool_size = 96M
innodb_flush_log_at_timeout = 3
innodb_read_io_threads = 32
innodb_write_io_threads =16

資料庫與PHP測試：

[[email protected] ~]# vim /var/www/html/linkdb.php
<?php
$a=mysql_connect("localhost","root","123456");
if($a){echo "ok";}else{echo "err";}
?>

測試

[root@cacti ~]# yum install –y elinks
[root@cacti ~]# elinks --dump http://localhost/linkdb.php
ok

或者訪問頁面

1.5 配置SNMP

修改snmp配置檔案，找到如下內容修改

# vim /etc/snmp/snmpd.conf
//修改default為本機ip，修改public為自己的團體名（可以不改），42行
com2sec notConfigUser default public 
//把systemview改成all ,供所有snmp 訪問許可權  64行
access notConfigGroup "" any noauth exact all none none   
//去掉此行註釋
view all included .1 80 // 去掉#號 85行

重啟snmp服務

# systemctl restart snmpd.service && systemctl enable snmpd.service

本機測試snmp資料（修改monit為配置的團體名），檢視是否能夠獲取資料

snmpwalk -v 2c -c public localhost system

遠端測試snmp資料（修改ip為伺服器ip，snmpwalk命令需要安裝net-snmp）

snmpwalk -v 2c -c public ip system

2. 安裝和配置cacti

官網下載:https://www.cacti.net/downloads/cacti-1.1.38.tar.gz
官網無法訪問時可以在github下載

1.下載Cacti 安裝包

# wget https://github.com/Cacti/cacti/archive/release/1.1.38.tar.gz
# tar -zxvf 1.1.38.tar.gz
# cp -R cacti-release-1.1.38/ /var/www/html/cacti

2.建立 cacti 資料庫
建立cacti資料庫，建立資料庫使用者cactiuser，設定使用者相關授權

[root@cacti ~]# mysql –u root -p
MariaDB [(none)]> create database cacti;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on cacti.* to cactiuser@localhost identified by "cactiuser";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT SELECT ON mysql.time_zone_name TO 'cactiuser'@'localhost' IDENTIFIED BY 'cactiuser';           
Query OK, 0 rows affected (0.00 sec)

MariaDB [cacti]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

注意這裡的資料庫使用者名稱密碼全部為cactiuser,可以自定義。

3.匯入 Cacti 預設資料庫

MariaDB [(none)]> use cacti;
Database changed
MariaDB [cacti]> source /var/www/html/cacti/cacti.sql;
………………
MariaDB [cacti]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [cacti]> quit
Bye

配置資料庫時區：

[[email protected] ~]# mysql_tzinfo_to_sql /usr/share/zoneinfo/ | mysql -u root -p mysql
Enter password: 
Warning: Unable to load '/usr/share/zoneinfo//leapseconds' as time zone. Skipping it.
Warning: Unable to load '/usr/share/zoneinfo//tzdata.zi' as time zone. Skipping it.

4.測試使用cactiuser使用者登入cacti資料庫

使用自己設定的使用者名稱密碼登入

[root@cacti ~]# mysql -ucactiuser -pcactiuser
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 

5. 建立cacti配置檔案config.php

主要修改資料庫使用者名稱密碼，和cacti路徑，這裡全部預設，根據個人配置進行修改

[root@cacti ~]# cp /var/www/html/cacti/include/{config.php.dist,config.php}
[root@cacti ~]# vim /var/www/html/cacti/include/config.php
[root@cacti include]# vim config.php
………………
$database_type     = 'mysql';
$database_default  = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cactiuser';
$database_password = 'cactiuser';
$database_port     = '3306';
$database_ssl      = false;
……………

$url_path = '/cacti/';

6.建立 cacti 系統使用者，設定目錄許可權

[root@cacti ~]# useradd -r -M cacti
[root@cacti ~]# chown -R cacti /var/www/html/cacti/{rra,log}/
[root@cacti ~]# chown -R apache.apache /var/www/html/cacti/{resource,cache,scripts}/
[root@cacti ~]# chmod -R 777 /var/www/html/cacti/

7. 新增定時任務

將每5分鐘執行一次的資料獲取指令碼加入crontab

[root@cacti ~]# crontab -e
no crontab for root - using an empty one
*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1

8.重新啟動相關服務

# systemctl restart httpd && systemctl restart mariadb
# systemctl restart crond && systemctl restart snmpd

3. 安裝spine

cacti預設使用cmd.php來輪詢資料，速度會很慢，因此我們採用Spine來輪詢資料。cacti-spine是一個由C語言開發的，用於替代cmd.php的快速獲取速度的引擎。（也可以不裝）
安裝spine高速資料採集外掛

# wget https://www.cacti.net/downloads/spine/cacti-spine-1.1.38.tar.gz
# yum install -y mysql-devel dos2unix autoconf automake binutils libtool gcc cpp glibc-headers glibc-devel help2man
# tar zxvf cacti-spine-1.1.38.tar.gz
# cp -R cacti-spine-1.1.38 /usr/local/spine
# cd /usr/local/spine
# ln -s /usr/lib64/libmysqlclient.so.18.0.0 /usr/lib64/libmysqlclient.so
# sh bootstrap 
# ./configure
# make && make install
# chown root:root /usr/local/spine/bin/spine
# chmod +s /usr/local/spine/bin/spine

編輯spine.conf：

# cp  /usr/local/spine/etc/spine.conf.dist /etc/spine.conf

修改/etc/spine.conf如下部分：

# vim /etc/spine.conf
DB_Host localhost
DB_Database cacti
DB_User cactiuser
DB_Pass cactiuser
DB_Port 3306

進行初始化：
/usr/local/spine/bin/spine //執行此命令，成功後顯示如下

[[email protected] spine]# /usr/local/spine/bin/spine
SPINE: Using spine config file [/etc/spine.conf]
SPINE: Version 1.1.38 starting
SPINE: Time: 0.0385 s, Threads: 5, Devices: 0

4. 初始化cacti

重啟httpd服務，在瀏覽器訪問：http://ip/cacti，進入安裝介面。
檢查各個模組時，可能有部分錯誤，自行排查

安裝前檢查：

php moduel檢查

資料庫配置檢查

根據提示進行對應目錄許可權的配置，將相應目錄給予httpd對應使用者相應的讀寫許可權，重新整理瀏覽器後，點Next繼續：

選擇需要載入的模板，我這裡全選

5. Cacti監控使用

5.1 登陸cacti

初次登入預設使用者密碼為admin/admin

重設密碼，admin/[email protected]

成功登陸

登入後，在Console–>Configuration–>Settings–>Paths下配置spine路徑：

在Console–>Configuration–>Settings–>Poller下，將Poller Type改為spine，也可以在這裡修改資料收集時間間隔：

5.2 監控本機

選擇console—devie，配置local linux Machine，沒有則新增

配置基本引數

在頁面最下方的 Associated Graph Templates 中新增圖形模板

在 Associated Data Queries 中新增資料模板。

新增好相應的模板之後點選 Save。此時會彈出Save Successful會話框。
點選右上角的 Create Graphs for this Host，來為剛才通過模板所獲得到的資料進行畫圖

選中需要畫圖的項（勾選頁面看到的所有選項），其中依然分為兩部分：
通過 Graph Templates 中的內容都需要選中，而 Data Query 獲取的內容比較詳細，所以可以按需選擇。選擇好需要畫圖的專案後，點選右下角的 Create。

選擇Graphs檢視圖表

如果沒有加載出來，手動執行一次crontab裡面的命令，然後再次重新整理頁面
[[email protected] ~]# php /var/www/html/cacti/poller.php > /dev/null 2>&1

5.3 監控Linux客戶端

安裝SNMP

# yum -y install net-snmp net-snmp-utils

修改snmp配置檔案

[[email protected] ~]# vim /etc/snmp/snmpd.conf
1) 查詢以下程式碼:
com2sec                notConfigUser                default        public
將"comunity"欄位改為你要設定的密碼.比如"public",將“default”改為你想哪臺機器可以看到你的snmp資訊,如設為cacti監控端ip 192.168.92.56，修改後：
com2sec notConfigUser  192.168.0.8     public
2) 查詢以下程式碼:
access  notConfigGroup ""  any  noauth  exact  systemview none none
將"systemview "欄位改為all.修改後：
access  notConfigGroup ""  any   noauth  exact  all none none
3) 查詢以下程式碼:
#view all    included  .1    80
將該行前面的"#"去掉.

啟動snmp服務並設為開機啟動：

# systemctl start snmpd.service && systemctl enable snmpd.service

cacti監控端配置
新增裝置

增加監控選項，這裡省略，然後新建樹圖

編輯樹圖，新增裝置

拖動裝置到tree

檢視監控引數

監控Windows客戶端

開啟SNMP功能

開啟SNMP服務，在安全選項進行以下配置

重啟windows snmp服務,然後訪問cacti新增裝置

監控裝置引數配置如下，監控選項自行配置，這裡省略

檢視圖形