Icinga je monitorovací nástroj. Viac info:
https://icinga.com/
https://en.wikipedia.org/wiki/Icinga
1. najprv zistíme, akú verziu debianu máme:
root@guliverkel:/home/martin# cat /etc/debian_version
9.11
root@guliverkel:/home/martin#
2. spravíme update OS pomocou tohto skriptu:
3. Nainštalujeme balíčky, ktoré nám môžu chýbať:
apt install wget bash-completion unzip git make gcc -y
4. uctíme slová legendy:
reboot and pray
5. Nainštalujeme webový server a takisto php7
- ach, ako mi chýbalo php-fpm
apt install apache2 libapache2-mod-php7.0 php7.0-xml php7.0-opcache php7.0-xml php7.0-mbstring php7.0-json php7.0-curl php7.0-ldap php7.0-cli php7.0-gd php7.0-intl php7.0-readline -y
Ako vidíme, apache beží
root@guliverkel:/home/martin# systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 20:54:27 CET; 13s ago
Main PID: 5317 (apache2)
CGroup: /system.slice/apache2.service
├─5317 /usr/sbin/apache2 -k start
├─5321 /usr/sbin/apache2 -k start
├─5322 /usr/sbin/apache2 -k start
├─5323 /usr/sbin/apache2 -k start
├─5324 /usr/sbin/apache2 -k start
└─5325 /usr/sbin/apache2 -k start
Feb 23 20:54:27 guliverkel systemd[1]: Starting The Apache HTTP Server...
Feb 23 20:54:27 guliverkel apachectl[5313]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Feb 23 20:54:27 guliverkel systemd[1]: Started The Apache HTTP Server.
checkneme to aj takto:
A) netstat vidí
root@guliverkel:/home/martin# netstat -naplut | grep -i :80
tcp6 0 0 :::80 :::* LISTEN 5317/apache2
B) vidíme ako to beží v procesoch
root@guliverkel:/home/martin# ps aux | grep 5317
root 5317 0.0 0.4 397228 36780 ? Ss 20:54 0:00 /usr/sbin/apache2 -k start
6. Doinštalujeme potrebné nástroje, pokiaľ chcete robiť s ifconfig, route a pod.
apt install net-tools -y
7. Pokiaľ chcete aj s firewall nastaveniami, napíšte mi, upravím to o to. Ja v tomto prípade všetky firewally vypínam.
8. Pridáme mode rewrite do apachu (ja som pridal aj ssl) - Debian má na to nástroj a2enmod
root@guliverkel:/home/martin# a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2
root@guliverkel:/home/martin# systemctl restart apache2
root@guliverkel:/home/martin# systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 21:02:58 CET; 6s ago
Process: 9430 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
Process: 9437 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 9441 (apache2)
Tasks: 6 (limit: 4915)
CGroup: /system.slice/apache2.service
├─9441 /usr/sbin/apache2 -k start
├─9442 /usr/sbin/apache2 -k start
├─9443 /usr/sbin/apache2 -k start
├─9444 /usr/sbin/apache2 -k start
├─9445 /usr/sbin/apache2 -k start
└─9446 /usr/sbin/apache2 -k start
Feb 23 21:02:58 guliverkel systemd[1]: Starting The Apache HTTP Server...
Feb 23 21:02:58 guliverkel apachectl[9437]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Feb 23 21:02:58 guliverkel systemd[1]: Started The Apache HTTP Server.
root@guliverkel:/home/martin#
root@guliverkel:/home/martin# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
root@guliverkel:/home/martin# systemctl restart apache2
root@guliverkel:/home/martin#
- pokiaľ chcete, pridajte aj rewrite mód
9. Je čas ladiť PHP
- php.ini je konfiguračný súbor pre php. Ten si treba najprv zálohovat
root@guliverkel:/home/martin# cp /etc/php/7.0/apache2/php.ini /etc/php/7.0/apache2/php.ini.bak
root@guliverkel:/home/martin# ls -lisa /etc/php/7.0/apache2/php.ini*
root@guliverkel:/home/martin# ls -lisa /etc/php/7.0/apache2/php.ini*
71146 72 -rw-r--r-- 1 root root 71537 Feb 16 16:11 /etc/php/7.0/apache2/php.ini
23849 72 -rw-r--r-- 1 root root 71537 Feb 23 21:08 /etc/php/7.0/apache2/php.ini.bak
- upravíme hodnoty pre php
Doplnil som na konci toto:
php_value max_execution_time 300
php_value memory_limit 128M
php_value max_input_time 300
date.timezone = Europe/London
a ešte ohľadom cache:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
- potom reštart apachu
systemctl restart apache2
http://localhost/info.php (keď to robíte u seba, na tejto adrese, vášho PC, uvidíte hodnoty PHP)
10. nainštalujeme mariadb - databázový server, client a prepojenie php 7.0 s mysql
apt install mariadb-server mariadb-client php7.0-mysql -y
11. Checkneme, či sa naištalovala a rozbehla.:
root@guliverkel:/home/martin# netstat -naplut | grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 15720/mysqld
root@guliverkel:/home/martin# systemctl status mariadb
● mariadb.service - MariaDB 10.1.44 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 21:15:02 CET; 1min 9s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Main PID: 15720 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─15720 /usr/sbin/mysqld
12. vytvoríme užívateľa pre mariadb
mysql -h localhost
- prihlásime sa do databázy
use mysql;
- vyberieme si databázu mysql
update user set plugin='' where user='root';
- zmeníme default užívateľa na užívateľa root
flush privileges;
- potrvdíme zmeny
exit
- vyjdeme von
Tu je to celé pokope:
mysql -h localhost
use mysql;
update user set plugin='' where user='root';
flush privileges;
exit
13. vytvoríme heslo pre roota do mariadb
-je čas vytvoriť heslo pre root užívateľa v mariadb
-tento príkaz:
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): -tu stlačte len enter
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
- pre istotu reštartujte mariadb
systemctl restart mariadb
13. Prihlásime sa do mariadb a vytvoríme databázu:
pokiaľ budete ať chybu 1045, skúste tu:
root@guliverkel:/home/martin# mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
root@guliverkel:/home/martin# mysql -u root -p
Enter password:
14. vytvoríme databázu icingadb
Tu je to celé:
- najprvy vytvoríte databázu icingadb, potom pridáte práva (grant sú práva v SQL) a nakoniec to potvrdíte a odídete
- sql je preto také známe, pretože pri tom jazyku stačí vedieť po anglicky :-)
create database icingadb;
grant all privileges on icingadb.* to 'icinga_user'@'localhost' identified by 'icinga_pass';
flush privileges;
exit
15. reštartujme apache a mariadb
root@guliverkel:/home/martin# systemctl restart mariadb apache2
root@guliverkel:/home/martin# systemctl status mariadb apache2
● mariadb.service - MariaDB 10.1.44 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 21:31:57 CET; 6s ago
Docs: man:mysqld(8)
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 21:31:54 CET; 9s ago
16. nainštalujeme balíčky potrebné pre icingu:
apt install icinga2 icinga2-ido-mysql -y
Spýta sa nás:
Enable icinga feature -yes
configure database for icinga -no
17. zapneme icingu a skontrolujeme, či beží
systemctl start icinga2.service
systemctl status icinga2.service
● icinga2.service - Icinga host/service/network monitoring system
Loaded: loaded (/lib/systemd/system/icinga2.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 21:33:53 CET; 1min 27s ago
Main PID: 17623 (icinga2)
18. nainštalujeme balíčky pre icingaweb
apt install icingaweb2 icingacli
19. reštartujeme icingu a skontrolujeme status
systemctl restart icinga2.service
systemctl status icinga2.service
root@guliverkel:/home/martin# systemctl status icinga2.service
● icinga2.service - Icinga host/service/network monitoring system
Loaded: loaded (/lib/systemd/system/icinga2.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 21:37:20 CET; 600ms ago
20. vymažeme webové súbory
rm /var/www/html/index.html
rm /var/www/html/info.php
21. skopírujeme icinga schéu z /usr/share/icinga2-ido-mysql/schema/mysql.sql
- bude po nás pýtať heslo pre roota do mariadb
mysql -u root icingadb -p < /usr/share/icinga2-ido-mysql/schema/mysql.sql
22. vytvoríme token pomocou icingacli
icingacli setup token create
root@guliverkel:/home/martin# icingacli setup token create
The newly generated setup token is: e55a940b1b3a0023
- ukáže nám token číslo do budúcna
icingacli setup token show
root@guliverkel:/home/martin# icingacli setup token show
The current setup token is: e55a940b1b3a0023
23. webová inštalácia je intuitívna:
Keby ste potrebovali pomoc:
Žiadne komentáre:
Zverejnenie komentára