Just thought I'd share a script I assembled to automate deployment of a new cacti instance.
It drops it into an apache VH running in *:80 in the docroot as I'm not keen on the "Alias /cacti/" thing.
It doesn't address stuff like selinux/spine, https or plugin installation (yet), but I will probably be adding that as well.
I have posted the script on my blog but will drop it here for you all.
I've not tested it on other RedHat variants.
Although there are some basic checks please don't run this if you already have live stuff on a server!!
#!/usr/bin/env bash
#===============================================================================
#
# FILE: install-cacti.sh
#
# USAGE: ./install-cacti.sh #<- as root!
#
# DESCRIPTION: install a fresh cacti+httpd+mysql on a clean centos 6.x
#
# This will setup cacti to run on the docroot (http://hostname/ ) rather than the default http://hostname/cacti/
#
# ^ in otherwords: DO NOT RUN THIS ON A SERVER THATS ALREADY A WEBSERVER!!!
# ^^ YOU'VE BEEN WARNED..THIS IS FOR A DEDICATED CLEAN MACHINE!! OK!?
# ^^^ It will also open :80 and :443 and set selinux permissive
# ^^^^ Have a working mysqld installed or it will install and setup that itself
#
#
# OPTIONS: ---
# REQUIREMENTS: lazyness
# BUGS: ---
# NOTES:
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# !!! THIS SCRIPT DOES NO CHECKS, OK!?
#
# run it on a clean non-production box! GOT IT!?
#
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# AUTHOR: David Stark (stark), david@starkers.org
# CREATED: 130924
#
# LICENSE: WTFPL (http://www.wtfpl.net/about/)
#
#===============================================================================
# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
# Version 2, December 2004
#
# Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
#
# Everyone is permitted to copy and distribute verbatim or modified
# copies of this license document, and changing it is allowed as long
# as the name is changed.
#
# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
# TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
#
# 0. You just DO WHAT THE FUCK YOU WANT TO.
#===============================================================================
# CHANGELOG:
# 130925-DS various fixes, automated the mysqld install/setup (this may be useful in itself for future mysqld deployment)
#
#I created this function to generate passwords (I would wager this is > lastpass's ^g .... dunno? )
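random_hash(){
  # Generate a random 32-character hex string and export it as NEWHASH.
  #
  # Globals:  NEWHASH (written and exported; unset again on failure)
  # Outputs:  prints "NEWHASH=<value>" to stdout. That line is the secret
  #           itself, so keep stdout out of shared logs when calling this.
  # Returns:  0 on success, 1 if no valid digest could be produced.
  #
  # The value is the MD5 digest of 5 MiB read from /dev/urandom, so it carries
  # 128 bits no matter how much input is hashed.
  local digest

  # Hash the random bytes straight from the pipe so they never land on disk.
  # pipefail (scoped to this command substitution) turns a failed read into a
  # failed assignment; without it md5sum would hash empty input and every run
  # would yield the same, publicly known digest as the "random" password.
  digest=$(set -o pipefail; head -c 5242880 /dev/urandom | md5sum | awk '{print $1}') || {
    echo "random_hash: could not read random data from /dev/urandom" >&2
    unset NEWHASH
    return 1
  }

  # Belt and braces: only accept something that looks like an MD5 digest.
  if [[ ! "$digest" =~ ^[0-9a-f]{32}$ ]]; then
    echo "random_hash: unexpected digest format, refusing to use it" >&2
    unset NEWHASH
    return 1
  fi

  export NEWHASH="$digest"
  echo "NEWHASH=$NEWHASH"
}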
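# Check whether mysqld is already running. If it is, assume it was secured
# earlier and skip the install + mysql_secure_installation steps below.
#
if killall -0 mysqld_safe 2>/dev/null; then
  MYSQLD=1
fi

if [[ "$MYSQLD" == "1" ]]; then
  echo "# Mysqld was already running before I got here, so I'm assuming you've already run mysql_secure_installation"
else
  echo "# Looks like no mysqld is running"
  yum install mysql mysql-server -y
  echo "# start + enable mysqld"
  service mysqld start ; chkconfig mysqld on

  echo "# generate a new hash"
  # Stop here rather than configure MySQL with an empty or stale password.
  if ! random_hash || [[ -z "${NEWHASH:-}" ]]; then
    echo "# could not generate a MySQL root password, will not continue" >&2
    exit 1
  fi

  echo "# securing the install and setting root pass"
  # Canned answers for mysql_secure_installation. mktemp creates the file
  # readable by its owner only, which matters because it holds the new root
  # password.
  # NOTE(review): the answer order is taken over unchanged from the original
  # script; confirm it matches the prompts of the installed MySQL version.
  TMPF=$(mktemp) || { echo "# mktemp failed, will not continue" >&2; exit 1; }
  cat >"$TMPF" <<EOF
Y
$NEWHASH
$NEWHASH
Y
Y
Y
Y
EOF
  if ! /usr/bin/mysql_secure_installation < "$TMPF"; then
    echo "# WARNING: mysql_secure_installation reported a failure; the root password may not have been set" >&2
  fi
  # The answers file contains the root password in clear text: remove it as
  # soon as it has been consumed instead of leaving it behind in /tmp.
  rm -f -- "$TMPF"

  if [ ! -f /root/.my.cnf ]; then
    echo "# Prepping /root/.my.cnf"
    # Create the file under umask 077 so it is never readable by anyone else,
    # not even for the moment between creation and the chmod below.
    (
      umask 077
      cat >/root/.my.cnf <<EOF
[client]
user = root
password = $NEWHASH
EOF
    )
    chown root:root /root/.my.cnf
    chmod 600 /root/.my.cnf
  fi

  # NOTE(review): this fetches whatever is on the upstream master branch at
  # install time and marks it executable for root, with no pinned revision or
  # checksum. Review the file (or pin a known-good copy) before running it.
  # Only mark it executable when the download actually succeeded; wget -O
  # leaves an empty file behind on failure, so clean that up.
  if wget -q https://raw.github.com/major/MySQLTuner-perl/master/mysqltuner.pl -O /root/mysqltuner.pl; then
    chmod +x /root/mysqltuner.pl
    echo "# Pro tip: run /root/mysqltuner.pl , See: https://startpage.com/do/search?q=mysqltuner"
  else
    rm -f /root/mysqltuner.pl
    echo "# could not download mysqltuner.pl, skipping it" >&2
  fi

  # This prints the root password to the terminal, and to any log that captures
  # stdout. It is kept because /root/.my.cnf is left untouched when it already
  # existed, in which case this line is the only record of the new password.
  echo "# your mysql root pass: $NEWHASH"
fi

# Everything after this point logs into MySQL as root through /root/.my.cnf.
if [ ! -f /root/.my.cnf ]; then
  echo "I'm sorry but this script relies on being able to automatically log into mysql based on /root/.my.cnf, will not continue" >&2
  exit 1
fi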
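# install epel (cause its awesome, period)
#see http://dl.fedoraproject.org/pub/epel/6/i386/repoview/epel-release.html
# NOTE(review): the release package is fetched over plain http, so nothing
# authenticates it in transit, and it is what installs the repo definition and
# signing key that yum trusts afterwards. Prefer an https mirror and check the
# package signature against a key obtained out of band.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm #<works on i686.. nb: ".noarch"
echo "# get stuff is installed"
yum install -y cacti httpd httpd-devel php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-mysql php-snmp net-snmp-utils net-snmp-libs php-pear-Net-SMTP rrdtool unzip

echo "# Create the 'cacti' DB"
# Fresh password for the cacti DB user; refuse to continue without one so the
# account is never created with an empty or reused password.
if ! random_hash || [[ -z "${NEWHASH:-}" ]]; then
  echo "# could not generate a password for the cacti DB user, will not continue" >&2
  exit 1
fi

# Runs as MySQL root via /root/.my.cnf. The statement is fed on stdin, so the
# password is neither written to a temp file nor visible in the process list.
if ! mysql <<EOF
CREATE DATABASE cacti; GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY '$NEWHASH'; FLUSH privileges;
EOF
then
  echo "# could not create the cacti database/user, will not continue" >&2
  exit 1
fi

# import cacti.sql into the DB
# Locate the schema shipped in the cacti package; take the first match so a
# second hit cannot turn the input redirection below into an error.
CACTI_SQL=$(rpm -ql cacti | grep '/cacti\.sql$' | head -n 1)
if [[ -z "$CACTI_SQL" || ! -f "$CACTI_SQL" ]]; then
  echo "# could not find cacti.sql in the cacti package, will not continue" >&2
  exit 1
fi

# Log in as the new cacti user (this also proves the grant works). The
# credentials go through a private option file instead of -p<password> on the
# command line, where other local users could read them from the process list.
# --defaults-file makes mysql read only this file, so root's ~/.my.cnf cannot
# override the user and password.
TMPF=$(mktemp) || { echo "# mktemp failed, will not continue" >&2; exit 1; }
cat >"$TMPF" <<EOF
[client]
user = cacti
password = $NEWHASH
EOF
mysql --defaults-file="$TMPF" cacti < "$CACTI_SQL"
import_rc=$?
rm -f -- "$TMPF"
[[ "$import_rc" -eq 0 ]] || exit 1

# Set database_username in /etc/cacti/db.php
sed -i "s+e\ \=\ \"cactiuser+e\ \=\ \"cacti+1" /etc/cacti/db.php
# Set database_password in /etc/cacti/db.php
# (NEWHASH is plain hex, so it cannot collide with the "+" sed delimiter)
sed -i "s+d\ \=\ \"cactiuser+d\ \=\ \"$NEWHASH+1" /etc/cacti/db.php
# set url_path = "/" (this sed cheats and just rewrites the closing "?>" tag cause I'm lazy)
# NOTE(review): running the script a second time inserts the line again.
sed -i 's+?>+$url_path = "/";\n?>+g' /etc/cacti/db.php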
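## I want this as a VH so we could create more VHs later or whatnot..
# For now it'll just be the global *:80 as this is for a dedicated cacti VM in my case.
# Preparing /etc/httpd/conf.d/cacti.conf as a *:80 virtualhost (TODO: automatic SSL setup)
CONF=/etc/httpd/conf.d/cacti.conf

if [[ ! -f "$CONF" ]]; then
  # Without the packaged file the edits below would leave a fragment that
  # Apache cannot parse, so stop instead.
  echo "# $CONF not found (is the cacti package installed?), will not continue" >&2
  exit 1
fi

if grep -q '<VirtualHost' "$CONF"; then
  # Already converted by an earlier run: wrapping it a second time would nest
  # the VirtualHost blocks and stop httpd from starting.
  echo "# $CONF already contains a VirtualHost block, leaving it alone"
else
  ## prepend: VirtualHost stuff
  sed -i "1s+^+NameVirtualHost *:80\n<VirtualHost *:80>\n DocumentRoot /usr/share/cacti\n+" "$CONF"
  #comment out Alias
  sed -i "s+^Alias+#Alias+g" "$CONF"
  #Close the VH
  printf "\n</VirtualHost>\n" >> "$CONF"
  #Allow other ppl to actually use it ( <3 paranoid defaults )
  # NOTE(review): this opens the web UI to every client that can reach port 80,
  # over plain http, while Cacti still has its default admin login (see the
  # closing note of this script). Narrow "Allow from" to the management
  # network where possible and change the admin password straight away.
  sed -i "s+Allow from localhost+Allow from all+g" "$CONF"
fi

# Check the syntax first so a bad edit is reported here rather than showing up
# as a web server that fails to come back.
if ! httpd -t; then
  echo "# httpd rejected the new configuration, not restarting it" >&2
  exit 1
fi
#restart apache
service httpd restart

# Uncomment every line in the cacti cron file so the packaged poller job runs.
sed -i "s+^#++g" /etc/cron.d/cacti
service crond reload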
## Is the iptables service active? If so, remember that in FIREWALL.
if service iptables status >/dev/null 2>&1; then
  FIREWALL=1
fi

# With the firewall active, insert an ACCEPT rule for new TCP connections to
# port 80 at the top of INPUT and persist it. Only port 80 is opened here.
case "$FIREWALL" in
  1)
    iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    service iptables save
    ;;
esac
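## Now go and log in: the default user and password are both "admin". Change that password at first login, because the vhost above accepts connections from any address.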