I'd like to give our customers access to their graphs, but I don't want to give them direct access to our NMS server where the Cacti poller runs since we have other sensitive applications running there. Ideally, I'd set up Cacti purely as a frontend on a customer-accessible server, and allow it to query the NMS server to produce the graphs.
Does anyone have such a setup working? I've seen that RRDtool has something called RRD-Server which uses (recommended) tcp port 13900. I have tested this feature and it does work, although it is picky about the path to the RRDs.
It seems that if our customer-accessible web server could speak to RRDtool on port 13900 and mySQL on port 3306, it should be able to work as a frontend. Am I missing anything? Anyone have a hack or should this be a feature request?
-Tom
Running Cacti frontend on a separate web server
Good idea but....
... I should revise my original spec to say that I'd like to minimize the resources used on my NMS server, so as to keep Cacti collecting data smoothly. So, I want to forget about the RRD-Server and try to render the graphs on the customer-accessible server.
Could I nfs the cacti/rra directory, talk to mySQL on port 3306 and run the "customer" Cacti in read-graphs-only mode?
rkramer wrote: why not just nfs the cacti directory on your nms and then set up apache to use the mounted nfs share?
Re: Good idea but....
Yes. I have a configuration similar to this, although because of strict firewall policies, I am using an rsync to sync up the rrd files over ssh instead of using an nfs mount (after the initial sync, it only takes a couple of seconds to rsync the rrd files over the network).
spiny wrote: Could I nfs the cacti/rra directory, talk to mySQL on port 3306 and run the "customer" Cacti in read-graphs-only mode?
Just configure the client account so they can only view the graphs, and you shouldn't have to touch the 'external' web interface at all - although you could remove some of the administration files, if you're paranoid.
--
Live fast, die young
You're sucking up my bandwidth.
J.P. Pasnak,CD
CCNA, LPIC-1
http://www.warpedsystems.sk.ca
Now I'm happy....
Thanks for the input. I now have a working configuration that I am happy with. I installed Cacti and RRDTool on my customer-accessible server and removed all Cacti php files except the following:
-rw-r--r-- 1 1000 users 6171 Jul 1 10:45 auth_login.php
-rw-r--r-- 1 1000 users 3423 Jul 1 10:45 graph_image.php
-rw-r--r-- 1 1000 users 10438 Jul 1 10:45 graph.php
-rw-r--r-- 1 1000 users 6318 Jul 1 10:45 graph_settings.php
-rw-r--r-- 1 1000 users 13531 Jul 1 10:45 graph_view.php
-rw-r--r-- 1 1000 users 2271 Jul 1 10:45 index.php
-rw-r--r-- 1 1000 users 1796 Jul 1 10:45 logout.php
I then linked the rra directory from my NMS server to /var/www/html/cact/rra on the customer server, and edited include/config.php to use the mySQL instance running on the NMS server.
I was careful to install RRDTool into the same directory on the customer server so that Cacti could find it.
Also I opened some ports between hosts on the firewall to make sure the two servers could speak to each other: mysql, sunrpc, nfs, 642, 645, 32768, 32769, 32770.
Now I can set up customer accounts and don't have to worry about the security of my NMS server. The graphs are rendered on the customer server so I needn't worry about taxing the resources Cacti requires.
-Tom
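An added example, not part of the original posts: a POSIX shell check that the customer-facing Cacti directory still holds only the seven top-level PHP files listed above and that none of them has become group- or world-writable (the listing shows mode 644). It assumes the list covers the top-level directory only, so subdirectories such as include/ are not audited; the function names and output labels are made up for this example.

```shell
#!/bin/sh
# Top-level PHP files the post says were kept on the customer-facing server.
ALLOWED_PHP="auth_login.php graph_image.php graph.php graph_settings.php graph_view.php index.php logout.php"

# is_allowed NAME: succeeds only on an exact match with an allow-list entry.
is_allowed() {
    for a in $ALLOWED_PHP; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# audit_frontend DIR
# Prints one line per deviation; returns 0 if clean, 1 on deviations, 2 on bad DIR.
#   UNEXPECTED <file>  top-level .php file that is not on the allow-list
#   MISSING <file>     allow-listed file that is absent
#   WRITABLE <file>    allow-listed file writable by group or other
audit_frontend() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "ERROR not a directory: $dir"; return 2; }

    # Anything ending in .php that was re-added (upgrade, restore, upload).
    for f in "$dir"/*.php; do
        [ -e "$f" ] || continue            # the glob matched nothing
        name=${f##*/}
        is_allowed "$name" || { echo "UNEXPECTED $name"; rc=1; }
    done

    # Every allow-listed file must exist and must not be group/world-writable.
    for name in $ALLOWED_PHP; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; rc=1
        elif [ -n "$(find "$dir/$name" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $name"; rc=1
        fi
    done
    return $rc
}

# Audit a directory when one is given, e.g.: sh audit.sh /path/to/cacti
if [ "$#" -gt 0 ]; then audit_frontend "$1"; fi
```

Run from cron on the customer server, a non-zero exit flags a package upgrade or restore that has put administration pages back.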