FreeBSD Ports 를 이용하여 Nginx 를 설치 합니다.

Ports 로 설치 할때는 반드시 Ports Tree 를 업데이트 해야 합니다.

Test Machine 의 경우 Apache24-Mariadb102-php71 이 설치 되어 있는 관계로

Mariadb102 설치와 php71 설치 내용은 별도로 작성 하지 않겠습니다.

 

Ports 트리 업데이트

root@bsd11:~ # 
root@bsd11:~ # portsnap fetch
root@bsd11:~ # portsnap update
root@bsd11:~ # portsnap fetch update

 

2017년 11월 기준 ports nginx version 은 1.12.2 Version 입니다.

root@bsd11:/usr/ports # make search name=nginx
Port:   nginx-1.12.2_1,2
Path:   /usr/ports/www/nginx
Info:   Robust and small WWW server
Maint:  joneum@FreeBSD.org
B-deps: pcre-8.40_1
R-deps: pcre-8.40_1
WWW:    http://nginx.org/

 

설치

root@bsd11:~ # 
root@bsd11:~ # cd /usr/ports/www/nginx && make install clean

옵션선택

HTTP_GEOIP
HTTP_PERL
HTTP_IMAGE_FILTER
HTTP_AUTH_PAM
HTTP_DAV_EXT
HTTP_IMAGE_FILTER
HTTP_SUBS_FILTER
HTTP_ZIP
ECHO
HTTP_UPSTREAM_FAIR
HTTP_XSLT

OK 를 눌러 설치를 진행 합니다.

설치완료후 메세지

===================================================================
Recent version of the NGINX introduces dynamic modules support.  In
FreeBSD ports tree this feature was enabled by default with the DSO
knob.  Several vendor's and third-party modules have been converted
to dynamic modules.  Unset the DSO knob builds an NGINX without
dynamic modules support.

To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks.  When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.

Default path for the NGINX dynamic modules is

/usr/local/libexec/nginx.
===================================================================

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/nginx

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/nginx

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://nginx.org/
===>  Cleaning for GeoIP-1.6.11
===>  Cleaning for libgd-2.2.4_1,1
===>  Cleaning for tiff-4.0.8
===>  Cleaning for jbigkit-2.1_1
===>  Cleaning for webp-0.6.0_4
===>  Cleaning for giflib-5.1.4
===>  Cleaning for nginx-1.12.2_1,2
root@bsd11:/usr/ports/www/nginx # rehash

 

/etc/rc.conf 파일 수정

root@bsd11:~ # 
root@bsd11:~ # vi /etc/rc.conf

php_fpm_enable="YES"
nginx_enable="YES"

 

php-fpm 설정 및  Daemon Start

root@bsd11:~ # 
root@bsd11:~ # cd /usr/local/etc/php-fpm.d/
root@bsd11:/usr/local/etc/php-fpm.d #
root@bsd11:/usr/local/etc/php-fpm.d # vi www.conf
listen.owner = www
listen.group = www
listen.mode = 0660


root@bsd11:~ # service php-fpm start
Performing sanity check on php-fpm configuration:
[19-Nov-2017 20:23:54] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

Starting php_fpm.
root@bsd11:~ #

 

Daemon 구동 확인

root@bsd11:~ # sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      php-fpm    1179  0  tcp4   127.0.0.1:9000        *:*
www      php-fpm    1178  0  tcp4   127.0.0.1:9000        *:*
root     php-fpm    1177  8  tcp4   127.0.0.1:9000        *:*

 

GeoIP 설정

root@bsd11:~ # 
root@bsd11:~ # wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
--2017-11-19 22:20:02--  http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
Resolving geolite.maxmind.com (geolite.maxmind.com)... 104.16.37.47, 104.16.38.47, 2400:cb00:2048:1::6810:262f, ...
Connecting to geolite.maxmind.com (geolite.maxmind.com)|104.16.37.47|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 674238 (658K) [application/octet-stream]
Saving to: 'GeoIP.dat.gz'

GeoIP.dat.gz                                                        100%[==================================================================================================================================================================>] 658.44K  --.-KB/s    in 0.06s

2017-11-19 22:20:02 (11.0 MB/s) - 'GeoIP.dat.gz' saved [674238/674238]

root@bsd11:~ #  wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
--2017-11-19 22:20:22--  http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
Resolving geolite.maxmind.com (geolite.maxmind.com)... 104.16.38.47, 104.16.37.47, 2400:cb00:2048:1::6810:252f, ...
Connecting to geolite.maxmind.com (geolite.maxmind.com)|104.16.38.47|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11793186 (11M) [application/octet-stream]
Saving to: 'GeoLiteCity.dat.gz'

GeoLiteCity.dat.gz                                                  100%[==================================================================================================================================================================>]  11.25M  13.2MB/s    in 0.9s

2017-11-19 22:20:24 (13.2 MB/s) - 'GeoLiteCity.dat.gz' saved [11793186/11793186]

root@bsd11:~ #
root@bsd11:~ # gunzip ./GeoLiteCity.dat.gz
root@bsd11:~ # gunzip ./GeoIP.dat.gz
root@bsd11:~ # mv Geo* /usr/local/share/GeoIP/

 

Nginx 설정 (nginx.conf 파일수정)

root@bsd11:~ #
root@bsd11:~ # cd /usr/local/etc/nginx/
root@bsd11:/usr/local/etc/nginx # vi nginx.conf
root@bsd11:/usr/local/etc/nginx # cp nginx.conf nginx.conf.org
root@bsd11:/usr/local/etc/nginx # vi nginx.conf
user  www www;
worker_processes  4;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
### Load Modules###
load_module "/usr/local/libexec/nginx/ngx_http_geoip_module.so";

events {
    worker_connections  1024;
}
http {
    geoip_country /usr/local/share/GeoIP/GeoIP.dat;
    geoip_city /usr/local/share/GeoIP/GeoLiteCity.dat;
    include /usr/local/etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log off;
    server_tokens off;
    sendfile on;
    client_max_body_size 200m;
    client_body_buffer_size 1m;
    keepalive_timeout 1;
    port_in_redirect off;
    gzip on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript application/xml application/xml+rss text/javascript;
    gzip_buffers 16 8k;
    gzip_disable "MSIE [1-6].(?!.*SV1)";
    include /usr/local/etc/nginx/conf.d/*.conf;
}

Load Modules 의 경우 geoip 사용을 위하여 load_module 을 추가 하였습니다.

 

fastcgi_params 수정

root@bsd11:/usr/local/etc/nginx # 
root@bsd11:/usr/local/etc/nginx # vi fastcgi_params
#GeoIp Setting
fastcgi_param GEOIP_ADDR $remote_addr;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_REGION_NAME $geoip_region_name;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_AREA_CODE $geoip_area_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_ORGANIZATION $geoip_org;

 

conf.d 디렉토리 생성 및 Directory 생성

root@bsd11:~ #
root@bsd11:~ # mkdir /usr/local/etc/nginx/conf.d
root@bsd11:~ #
root@bsd11:~ # mkdir -p /var/www/test.com
root@bsd11:~ # chown www:www /var/www/test.com
root@bsd11:~ # chmod 755 /var/www/test.com

 

phpinfo 페이지 생성

root@bsd11:~ #
root@bsd11:~ # sh -c 'echo "<?php phpinfo(); ?>" > /var/www/test.com/index.php'

 

test.com.conf 파일 생성 

root@bsd11:~ # 
root@bsd11:~ # cd /usr/local/etc/nginx/conf.d/
root@bsd11:/usr/local/etc/nginx/conf.d # vi test.com.conf

server {
    listen       80;
    server_name  localhost _;
    index        index.php index.html index.htm;
    root         /var/www/test.com;

    location / {
        try_files   $uri $uri/ /index.php?$query_string;
        autoindex on;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
        fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }
}

 

Nginx 실행

root@bsd11:~ # 
root@bsd11:~ # service nginx restart
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Stopping nginx.
Waiting for PIDS: 4815.
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
root@bsd11:~ # sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      nginx      4865  7  tcp4   *:80                  *:*
www      nginx      4864  7  tcp4   *:80                  *:*
www      nginx      4863  7  tcp4   *:80                  *:*
www      nginx      4862  7  tcp4   *:80                  *:*
root     nginx      4861  7  tcp4   *:80                  *:*

 

웹브라우저 확인

Percona apache 템플릿을 이용하기 위해서는 ss_get_by_ssh.php 스크립트의 수정이 필요 하며

cacti 계정이 접속 할수 있도록 cshs 작업이 필요 합니다.

 

Apache httpd.conf 파일 수정 및 apache 재시작

root@bsd11:~ # 
root@bsd11:~ # cd /usr/local/etc/apache24/
root@bsd11:/usr/local/etc/apache24 # vi httpd.conf
<Location /server-status>
SetHandler server-status

Order Deny,Allow
Deny from all
Allow from localhost
</Location>
root@bsd11:~ # service apache24 restart

Allow from Domain 또는 localhost 로 설정 합니다.

 

Percona Apache 템플릿을 import 합니다.

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # php /usr/local/share/cacti/cli/import_template.php --filename=/usr/local/share/percona-monitoring-plugins/cacti/templates/cacti_host_template_percona_apache_server_ht_0.8.6i-sver1.1.3.xml
Read 74554 bytes of XML data
Import ResultsCacti has imported the following items for the Template:
CDEF
[success] Percona Turn Into Bits CDEF [unchanged]
[success] Percona Negate CDEF [unchanged]
GPRINT Preset
[success] Percona Apache Server Version t1.1.3:s1.1.3 [new]
[success] Percona Apache Server Checksum e5bcdec29950a544697949887ac841b4 [new]
[success] Percona Normal [unchanged]
Data Input Method
[success] Percona Get Apache Stats/Apache Requests IM [new]
[success] Percona Get Apache Stats/Apache Bytes IM [new]
[success] Percona Get Apache Stats/Apache CPU Load IM [new]
[success] Percona Get Apache Stats/Apache Workers IM [new]
[success] Percona Get Apache Stats/Apache Scoreboard IM [new]
Data Template
[success] Percona Apache Requests DT [new]
[success] Percona Apache Bytes DT [new]
[success] Percona Apache CPU Load DT [new]
[success] Percona Apache Workers DT [new]
[success] Percona Apache Scoreboard DT [new]
Graph Template
[success] Percona Apache Requests GT [new]
[success] Percona Apache Bytes GT [new]
[success] Percona Apache CPU Load GT [new]
[success] Percona Apache Workers GT [new]
[success] Percona Apache Scoreboard GT [new]
Device Template
[success] Percona Apache Server HT [new]
root@bsd11:~ #

 

ss_get_by_ssh.php 스크립트 수정 및 퍼미션 변경

root@bsd11:~ # 
root@bsd11:~ # cd /usr/local/share/cacti/scripts/
root@bsd11:/usr/local/share/cacti/scripts # vi ss_get_by_ssh.php
$ssh_user   = 'cacti';                           # SSH username
$ssh_port   = 22;                                # SSH port
$ssh_iden   = '-i /usr/share/cacti/cacti/.ssh/id_rsa'; # SSH identity

root@bsd11:/usr/local/share/cacti/scripts # chown cacti:cacti ss_get_by_ssh.php

 

cacti 유저 디렉토리 생성

root@bsd11:~ # cd /usr/local/share/cacti/
root@bsd11:/usr/local/share/cacti # mkdir -p cacti/.ssh
root@bsd11:/usr/local/share/cacti # chown -R cacti:cacti cacti/

 

chsh 명령어를 사용하여 cacti 유저 데이터베이스 파일을 변경합니다.

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # chsh cacti
#Changing user information for cacti.
Login: cacti
Password: *
Uid [#]: 107
Gid [# or name]: 107
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /usr/local/share/cacti/cacti
Shell: /bin/csh
Full Name: Cacti Sandbox
Office Location:
Office Phone:
Home Phone:
Other information:

cacti 유저와는 별도로 다른유저로 생성을 하였지만 정상적으로 그래프를 생성하지 못하였습니다.

 

ssh-key 생성

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # su - cacti
% pwd
/usr/local/share/cacti/cacti
% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/local/share/cacti/cacti/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/local/share/cacti/cacti/.ssh/id_rsa.
Your public key has been saved in /usr/local/share/cacti/cacti/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4 cacti@bsd11
The key's randomart image is:
+---[RSA 2048]----+
|     ..oo.+.     |
|      .  *       |
|        = .      |
|         O o     |
|      . S O      |
|.    . + B =     |
|.+  .   o @ .    |
|+o+.+    o =.    |
|=XXE..     .o.   |
+----[SHA256]-----+
%
% cd .ssh/
% cat id_rsa.pub >> authorized_keys
% chmod 600 authorized_keys

 

ssh 접속 테스트

%
% ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:nIS4vw3Qw73/gmtI4JHoLs3h89qMlBRF68h8qfklpt8.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
% logout
Connection to 127.0.0.1 closed.
%
% ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:nIS4vw3Qw73/gmtI4JHoLs3h89qMlBRF68h8qfklpt8.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Sun Nov 19 02:33:19 2017 from localhost
FreeBSD 11.1-RELEASE (GENERIC) #0 r321309: Fri Jul 21 02:08:28 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
% logout
Connection to localhost closed.
%

 

ss_get_by_ssh.php 스크립트 테스트 ( cacti 유저를 이용합니다.)

정상

% php /usr/local/share/cacti/scripts/ss_get_by_ssh.php --type apache0.0.1 --items gg,gh
gg:1 gh:2048%

 

 

비정상 

% php /usr/local/share/cacti/scripts/ss_get_by_ssh.php --type apache --host 127.0.0.1 --items gg,gh
gg:-1 gh:-1%

비정상일 경우 gg:-1 , gh: -1 로 값이 표기 됩니다.

 

웹브라우저 설정

Templates -> Data Source 에서 apache 템플릿을 검색 합니다.

 

Apache 템플릿을 클릭하여 Hostname 을 localhost 로 변경 합니다.

 

Management -> Devices 로 이동합니다.

ADD 버튼을 클릭하여 Device 를 추가 합니다.

 

Description : Apache-Server

Hostname : 127.0.0.1

Device Template : Percona Apache Server HP

Create 버튼을 클릭합니다.

 

Create Graphs for this Device 를 클릭합니다.

(우측상단)

 

모니터링 항목을 선택후 Create 버튼을 클릭합니다.

 

Graphs 메뉴를 클릭후 Device 를 Apache-Server 로 변경 하여 모니터링을 합니다.

최초 그래프 생성까지 약 5분 ~ 10분 정도 소요 됩니다.

 

모니터링 결과값 확인 (15분 경과)

 

/var/log/auth.log 확인

정상적인 로그

root@bsd11:~ # tail -f /var/log/auth.log
Nov 19 02:58:00 bsd11 sshd[2023]: Accepted publickey for cacti from 127.0.0.1 port 57872 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 02:58:00 bsd11 sshd[2025]: Received disconnect from 127.0.0.1 port 57872:11: disconnected by user
Nov 19 02:58:00 bsd11 sshd[2025]: Disconnected from 127.0.0.1 port 57872
Nov 19 03:00:10 bsd11 sshd[2126]: Accepted publickey for cacti from 127.0.0.1 port 51733 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:00:10 bsd11 sshd[2128]: Received disconnect from 127.0.0.1 port 51733:11: disconnected by user
Nov 19 03:00:10 bsd11 sshd[2128]: Disconnected from 127.0.0.1 port 51733
Nov 19 03:01:00 bsd11 sshd[2292]: Accepted publickey for cacti from 127.0.0.1 port 41944 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:01:00 bsd11 sshd[2295]: Received disconnect from 127.0.0.1 port 41944:11: disconnected by user
Nov 19 03:01:00 bsd11 sshd[2295]: Disconnected from 127.0.0.1 port 41944
Nov 19 03:02:21 bsd11 sshd[2450]: Accepted keyboard-interactive/pam for root from 112.187.207.28 port 12688 ssh2
Nov 19 03:04:00 bsd11 sshd[2502]: Accepted publickey for cacti from 127.0.0.1 port 17207 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:04:01 bsd11 sshd[2504]: Received disconnect from 127.0.0.1 port 17207:11: disconnected by user
Nov 19 03:04:01 bsd11 sshd[2504]: Disconnected from 127.0.0.1 port 17207

 

비정상적인 로그

root@bsd11:~ # tail -f /var/log/auth.log
Nov 19 03:00:10 bsd11 sshd[2126]: Accepted publickey for cacti from 127.0.0.1 port 51733 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:00:10 bsd11 sshd[2128]: Received disconnect from 127.0.0.1 port 51733:11: disconnected by user
Nov 19 03:00:10 bsd11 sshd[2128]: Disconnected from 127.0.0.1 port 51733
Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost
Nov 19 03:01:00 bsd11 sshd[2292]: Accepted publickey for cacti from 127.0.0.1 port 41944 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:01:00 bsd11 sshd[2295]: Received disconnect from 127.0.0.1 port 41944:11: disconnected by user
Nov 19 03:01:00 bsd11 sshd[2295]: Disconnected from 127.0.0.1 port 41944
Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost
Nov 19 03:02:21 bsd11 sshd[2450]: Accepted keyboard-interactive/pam for root from 112.187.207.28 port 12688 ssh2
Nov 19 03:04:00 bsd11 sshd[2502]: Accepted publickey for cacti from 127.0.0.1 port 17207 ssh2: RSA SHA256:8eb2tpB5MIkPhVlhgFT7iel8wyDq4ic3yu6Dvmuwuf4
Nov 19 03:04:01 bsd11 sshd[2504]: Received disconnect from 127.0.0.1 port 17207:11: disconnected by user
Nov 19 03:04:01 bsd11 sshd[2504]: Disconnected from 127.0.0.1 port 17207

Nov 19 03:00:10 bsd11 sshd[2128]: error: PAM: authentication error for cacti from localhost 메시지가 출력 됩니다.

 

 

Mariadb 모니터링

Cacti 설치시 시스템의 Disk , Network , Memory , CPU 등의 자원을 모니터링 할수 있습니다.

Percona 설치후 Apache , Nginx , mysql 등의 서비스를 모니터링 할수 있습니다.

자세한 내용은 Percona Site 에서 확인 하실수 있습니다.

Percona Site 에서 확인시 아래와 같은 Templaters 를 사용할수 있으며  Freebsd 에서는

Templaters for Cacti

Percona Monitoring Plugins for Cacti
Frequently Asked Questions on Cacti Templates
Installing Percona Monitoring Plugins for Cacti
Customizing Percona Monitoring Plugins for Cacti
Percona MySQL Monitoring Template for Cacti
Percona Galera/MySQL Monitoring Template for Cacti
Installing SSH-Based Templates
Percona Apache Monitoring Template for Cacti
Percona JMX Monitoring Template for Cacti
Percona Linux Monitoring Template for Cacti
Percona Memcached Monitoring Template for Cacti
Percona MongoDB Monitoring Template for Cacti
Percona Nginx Monitoring Template for Cacti
Percona OpenVZ Monitoring Template for Cacti
Percona Redis Monitoring Template for Cacti
Percona Amazon RDS Monitoring Template for Cacti
Cacti Templates Developer Documentation
Hardening Cacti setup
Upgrading Percona Monitoring Plugins for Cacti

 

freebsd percona-plugins ports 설치시 제공 템플릿

apache_server
galera_server
gnu_linux_server
jmx_server
memcached_server
mongodb_server
mysql_server
nginx_server
openvz_server
rds_server
redis_server

 

percona plugins 설치

root@bsd11:~ # 
root@bsd11:~ # whereis percona-monitoring-plugins
percona-monitoring-plugins: /usr/ports/net-mgmt/percona-monitoring-plugins
root@bsd11:~ # cd /usr/ports/net-mgmt/percona-monitoring-plugins/ && make install clean

 

설치완료후 메세지

====> Compressing man pages (compress-man)
===>  Installing for percona-monitoring-plugins-1.1.3_3
===>  Checking if percona-monitoring-plugins already installed
===>   Registering installation for percona-monitoring-plugins-1.1.3_3
Installing percona-monitoring-plugins-1.1.3_3...
===>  Cleaning for p5-DBD-mysql-4.043
===>  Cleaning for p5-DBI-1.637
===>  Cleaning for p5-Devel-CheckLib-1.11
===>  Cleaning for bash-4.4.12_3
===>  Cleaning for wget-1.19.2
===>  Cleaning for libidn2-2.0.4
===>  Cleaning for libunistring-0.9.7
===>  Cleaning for percona-monitoring-plugins-1.1.3_3
root@bsd11:/usr/ports/net-mgmt/percona-monitoring-plugins #

 

percona-scripts 설정

root@bsd11:~ # 
root@bsd11:/usr/local/share/cacti/scripts # vi ss_get_mysql_stats.php
$mysql_user = 'cacti';
$mysql_pass = 'password';
$mysql_port = 3306;


 

mysql 설정

root@bsd11:~ #
root@bsd11:~ #
root@bsd11:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 57
Server version: 10.2.10-MariaDB-log FreeBSD Ports

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> GRANT SUPER, PROCESS ON *.* TO 'cacti'@'%' IDENTIFIED BY "password";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye
root@bsd11:~ #

 

 

 

/usr/local/share/percona-monitoring-plugins/cacti/templates 디렉토리에 모니터링을 할수 있는 Daemon 의 템플릿들이 있습니다. 

ex) mysql , apache 등등

root@bsd11:/usr/local/share/percona-monitoring-plugins/cacti/templates # ls
cacti_host_template_percona_apache_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_galera_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_gnu_linux_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_jmx_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_memcached_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_mongodb_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_mysql_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_nginx_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_openvz_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_rds_server_ht_0.8.6i-sver1.1.3.xml
cacti_host_template_percona_redis_server_ht_0.8.6i-sver1.1.3.xml
root@bsd11:/usr/local/share/percona-monitoring-plugins/cacti/templates #

 

mysql 템플릿 추가

root@bsd11:~ # 
root@bsd11:~ # 
root@bsd11:~ # php /usr/local/share/cacti/cli/import_template.php --filename=/usr/local/share/percona-monitoring-plugins/cacti/templates/cacti_host_template_percona_mysql_server_ht_0.8.6i-sver1.1.3.xml
Read 888147 bytes of XML data
Import ResultsCacti has imported the following items for the Template:
CDEF
[success] Percona Turn Into Bits CDEF [unchanged]
[success] Percona Negate CDEF [unchanged]
GPRINT Preset
[success] Percona MySQL Server Checksum 348cfd8fa45fa8a5357ab261aa9b00ad [new]
[success] Percona MySQL Server Version t1.1.3:s1.1.3 [new]
[success] Percona Normal [unchanged]
Data Input Method
[success] Percona Get MySQL Stats/MyISAM Indexes IM [new]
[success] Percona Get MySQL Stats/MyISAM Key Cache IM [new]
[success] Percona Get MySQL Stats/InnoDB Buffer Pool IM [new]
[success] Percona Get MySQL Stats/InnoDB I/O IM [new]
[success] Percona Get MySQL Stats/InnoDB Insert Buffer IM [new]
[success] Percona Get MySQL Stats/InnoDB Insert Buffer Usage IM [new]
[success] Percona Get MySQL Stats/InnoDB Semaphores IM [new]
[success] Percona Get MySQL Stats/InnoDB Row Operations IM [new]
[success] Percona Get MySQL Stats/MySQL Table Locks IM [new]
[success] Percona Get MySQL Stats/MySQL Connections IM [new]
[success] Percona Get MySQL Stats/MySQL Replication IM [new]
[success] Percona Get MySQL Stats/MySQL Query Cache IM [new]
[success] Percona Get MySQL Stats/MySQL Query Cache Memory IM [new]
[success] Percona Get MySQL Stats/MySQL Command Counters IM [new]
[success] Percona Get MySQL Stats/MySQL Select Types IM [new]
[success] Percona Get MySQL Stats/MySQL Sorts IM [new]
[success] Percona Get MySQL Stats/MySQL Temporary Objects IM [new]
[success] Percona Get MySQL Stats/MySQL Network Traffic IM [new]
[success] Percona Get MySQL Stats/InnoDB Buffer Pool Activity IM [new]
[success] Percona Get MySQL Stats/InnoDB I/O Pending IM [new]
[success] Percona Get MySQL Stats/InnoDB Log IM [new]
[success] Percona Get MySQL Stats/MySQL Binary/Relay Logs IM [new]
[success] Percona Get MySQL Stats/InnoDB Transactions IM [new]
[success] Percona Get MySQL Stats/InnoDB Transactions Active/Locked IM [new]
[success] Percona Get MySQL Stats/MySQL Files and Tables IM [new]
[success] Percona Get MySQL Stats/MySQL Threads IM [new]
[success] Percona Get MySQL Stats/InnoDB Memory Allocation IM [new]
[success] Percona Get MySQL Stats/InnoDB Adaptive Hash Index IM [new]
[success] Percona Get MySQL Stats/InnoDB Internal Hash Memory Usage IM [new]
[success] Percona Get MySQL Stats/InnoDB Tables In Use IM [new]
[success] Percona Get MySQL Stats/InnoDB Current Lock Waits IM [new]
[success] Percona Get MySQL Stats/InnoDB Lock Structures IM [new]
[success] Percona Get MySQL Stats/InnoDB Checkpoint Age IM [new]
[success] Percona Get MySQL Stats/InnoDB Row Lock Time IM [new]
[success] Percona Get MySQL Stats/InnoDB Row Lock Waits IM [new]
[success] Percona Get MySQL Stats/InnoDB Semaphore Waits IM [new]
[success] Percona Get MySQL Stats/InnoDB Semaphore Wait Time IM [new]
[success] Percona Get MySQL Stats/MySQL Processlist IM [new]
[success] Percona Get MySQL Stats/MySQL Transaction Handler IM [new]
[success] Percona Get MySQL Stats/MySQL Handlers IM [new]
[success] Percona Get MySQL Stats/MySQL Query Time Histogram (Count) IM [new]
[success] Percona Get MySQL Stats/MySQL Query Response Time (Microseconds) IM [new]
[success] Percona Get MySQL Stats/InnoDB Buffer Pool Efficiency IM [new]
Data Template
[success] Percona MyISAM Indexes DT [new]
[success] Percona MyISAM Key Cache DT [new]
[success] Percona InnoDB Buffer Pool DT [new]
[success] Percona InnoDB I/O DT [new]
[success] Percona InnoDB Insert Buffer DT [new]
[success] Percona InnoDB Insert Buffer Usage DT [new]
[success] Percona InnoDB Semaphores DT [new]
[success] Percona InnoDB Row Operations DT [new]
[success] Percona MySQL Table Locks DT [new]
[success] Percona MySQL Connections DT [new]
[success] Percona MySQL Replication DT [new]
[success] Percona MySQL Query Cache DT [new]
[success] Percona MySQL Query Cache Memory DT [new]
[success] Percona MySQL Command Counters DT [new]
[success] Percona MySQL Select Types DT [new]
[success] Percona MySQL Sorts DT [new]
[success] Percona MySQL Temporary Objects DT [new]
[success] Percona MySQL Network Traffic DT [new]
[success] Percona InnoDB Buffer Pool Activity DT [new]
[success] Percona InnoDB I/O Pending DT [new]
[success] Percona InnoDB Log DT [new]
[success] Percona MySQL Binary/Relay Logs DT [new]
[success] Percona InnoDB Transactions DT [new]
[success] Percona InnoDB Transactions Active/Locked DT [new]
[success] Percona MySQL Files and Tables DT [new]
[success] Percona MySQL Threads DT [new]
[success] Percona InnoDB Memory Allocation DT [new]
[success] Percona InnoDB Adaptive Hash Index DT [new]
[success] Percona InnoDB Internal Hash Memory Usage DT [new]
[success] Percona InnoDB Tables In Use DT [new]
[success] Percona InnoDB Current Lock Waits DT [new]
[success] Percona InnoDB Lock Structures DT [new]
[success] Percona InnoDB Checkpoint Age DT [new]
[success] Percona InnoDB Row Lock Time DT [new]
[success] Percona InnoDB Row Lock Waits DT [new]
[success] Percona InnoDB Semaphore Waits DT [new]
[success] Percona InnoDB Semaphore Wait Time DT [new]
[success] Percona MySQL Processlist DT [new]
[success] Percona MySQL Transaction Handler DT [new]
[success] Percona MySQL Handlers DT [new]
[success] Percona MySQL Query Time Histogram (Count) DT [new]
[success] Percona MySQL Query Response Time (Microseconds) DT [new]
[success] Percona InnoDB Buffer Pool Efficiency DT [new]
Graph Template
[success] Percona MyISAM Indexes GT [new]
[success] Percona MyISAM Key Cache GT [new]
[success] Percona InnoDB Buffer Pool GT [new]
[success] Percona InnoDB I/O GT [new]
[success] Percona InnoDB Insert Buffer GT [new]
[success] Percona InnoDB Insert Buffer Usage GT [new]
[success] Percona InnoDB Semaphores GT [new]
[success] Percona InnoDB Row Operations GT [new]
[success] Percona MySQL Table Locks GT [new]
[success] Percona MySQL Connections GT [new]
[success] Percona MySQL Replication GT [new]
[success] Percona MySQL Query Cache GT [new]
[success] Percona MySQL Query Cache Memory GT [new]
[success] Percona MySQL Command Counters GT [new]
[success] Percona MySQL Select Types GT [new]
[success] Percona MySQL Sorts GT [new]
[success] Percona MySQL Temporary Objects GT [new]
[success] Percona MySQL Network Traffic GT [new]
[success] Percona InnoDB Buffer Pool Activity GT [new]
[success] Percona InnoDB I/O Pending GT [new]
[success] Percona InnoDB Log GT [new]
[success] Percona MySQL Binary/Relay Logs GT [new]
[success] Percona InnoDB Transactions GT [new]
[success] Percona InnoDB Transactions Active/Locked GT [new]
[success] Percona MySQL Files and Tables GT [new]
[success] Percona MySQL Threads GT [new]
[success] Percona InnoDB Memory Allocation GT [new]
[success] Percona InnoDB Adaptive Hash Index GT [new]
[success] Percona InnoDB Internal Hash Memory Usage GT [new]
[success] Percona InnoDB Tables In Use GT [new]
[success] Percona InnoDB Current Lock Waits GT [new]
[success] Percona InnoDB Lock Structures GT [new]
[success] Percona InnoDB Checkpoint Age GT [new]
[success] Percona InnoDB Row Lock Time GT [new]
[success] Percona InnoDB Row Lock Waits GT [new]
[success] Percona InnoDB Semaphore Waits GT [new]
[success] Percona InnoDB Semaphore Wait Time GT [new]
[success] Percona MySQL Processlist GT [new]
[success] Percona MySQL Transaction Handler GT [new]
[success] Percona MySQL Handlers GT [new]
[success] Percona MySQL Query Time Histogram (Count) GT [new]
[success] Percona MySQL Query Response Time (Microseconds) GT [new]
[success] Percona InnoDB Buffer Pool Efficiency GT [new]
Device Template
[success] Percona MySQL Server HT [new]
root@bsd11:~ #

 

ss_get_mysql_stats.php 스크립트 테스트

root@bsd11:~ # php -q /usr/local/share/cacti/scripts/ss_get_mysql_stats.php --host localhost --items mm,mw,mx,my
mm:62762 mw:0 mx:0 my:0root@bsd11:~ #

 

 

웹브라우저 설정

data source 수정

 

Mariadb-Server Device 생성

 

Create Graphs for this Device 를 눌러 모니터링 항목을 지정 합니다.

 

모니터링 항목지정

모니터링 항목 지정후 Create 를 눌러 그래프를 생성 합니다.

 

모니터링 결과 확인

(그래프의 경우 약 5 ~ 10분후 확인 가능 합니다.)

 

DB 모니터링의 경우 System 모니터링보다 다소 시간이 걸립니다.

 

 

 

참고 자료

Import 참고 // php 명령어로 Import 시킬수 있으며 Web 브라우저에서도 Import 가능 합니다.  

 

 

 

 

Cacti-spine 설치

 

기존 cmd.php 사용시 모니터링 장비가 늘어날 경우 모니터링을 할수 없는 현상이 발생할수 있습니다.

 

참고자료

https://www.cacti.net/downloads/docs/html/using_spine.html

Chapter 15. Spine

Spine is the fast replacement for cmd.php. It is written in C to ensure ultimate performance for device polling. Expect a decrease in polling time of an order of magnitude. Polling times far less than 60 seconds for about 20,000 data sources are achievable e.g. on a dual XEON system supplied with 4 GB RAM and standard local disks.

 

When using Spine, don’t change crontab settings! Always use poller.php with crontab! To activate Spine instead of cmd.php, please visit Settings and select the Poller tab. Select Spine and save. Now, poller.php will use Spine on all subsequent polling cycles.

 

While Spine is really fast, choosing the correct setup will ensure, that all processor resources are used. Required settings for Maximum Concurrent Poller Processes are 1-2 times the number of CPU cores available for Spine.

 

 

 

 

Table 15-1. Spine Specific Execution Parameters

Maximum Threads per Process

The maximum threads allowed per process. Using a higher number when using Spine will improve performance. Required settings are 10-15. Values above 50 are most often insane and may degrade preformance

Number of PHP Script Servers

The number of concurrent script server processes to run per Spine process. Settings between 1 and 10 are accepted. Script Servers will pre-load a PHP environment. Then, the Script Server Scripts are included into that environment to save the overhead of reloading PHP each and every time.

Script and Script Server Timeout Value

The maximum time that Spine will wait on a script to complete, in units of seconds. If a Script Server Script is terminated due to timeout conditions, the value entered into the rrd file will be NaN

The Maximum SNMP OID’s Per SNMP Get Request

The maximum number of snmp get OID’s to issue per snmp request. Increasing this value speeds poller performance over slow links. The maximum value is 60 OID’s. Please bear in mind, that some type of devices do not accept huge OID numbers and may fail if set above 1. That’s why cacti 0.8.7 allows to define this value at device level

 

cacti-spine 설치

root@bsd11:~ # whereis cacti-spine
cacti-spine: /usr/ports/net-mgmt/cacti-spine
root@bsd11:~ # cd /usr/ports/net-mgmt/cacti-spine/ && make install clean

 

설치 완료후 메세지

Installing spine-1.1.27...
===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/bin/spine

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
https://cacti.net/spine_info.php
===>  Cleaning for spine-1.1.27
root@bsd11:/usr/ports/net-mgmt/cacti-spine #

/usr/local/etc/spine.conf 를 설정 합니다.

root@bsd11:/usr/ports/net-mgmt/cacti-spine # rehash
root@bsd11:/usr/ports/net-mgmt/cacti-spine # vi /usr/local/etc/spine.conf
DB_Host                 localhost
DB_Database             cacti
DB_User                 cacti
DB_Pass                 password
DB_Port                 3306

 

Web 브라우저 설정

Configuration -> Settings -> 상위 메뉴 Poller 에서 poller Type 를 spine 으로 변경

Poller Interval 의 경우 Every Minute 으로 변경 합니다. 

Maximum Threads per Process
(The maximum threads allowed per process. Using a higher number when using Spine will improve performance)

Default 1 -> 16 변경

Number of PHP Script Servers
(The number of concurrent script server processes to run per Spine process. Settings between 1 and 10 are accepted. This parameter will help if you are running several threads and script server scripts)

Default 1 -> 8 변경

 

FreeBSD10 mysql57-server install 

 

root@bsd10:~ # whereis mysql57-server
mysql57-server: /usr/ports/databases/mysql57-server
root@bsd10:~ # cd /usr/ports/databases/mysql57-server && make install clean

 

OK 선택 하여 설치를 진행 합니다.

설치완료후 메세지

*****************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

*****************************************************************************

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/lib/mysql/plugin/mysqlx.so
/usr/local/lib/mysql/plugin/group_replication.so
/usr/local/libexec/mysqld

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/mysql-server

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.mysql.com/
root@bsd10:/usr/ports/databases/mysql57-server #

 

DB 디렉토리 생성

root@bsd10:~ # mkdir /mysql
root@bsd10:~ # chown -R mysql:mysql /mysql

 

/etc/rc.conf 수정

root@bsd10:~ # vi /etc/rc.conf
mysql_enable="YES"
mysql_dbdir="/mysql"

 

my.cnf  수정

root@bsd10:~ # vi /usr/local/etc/mysql/my.cnf
[client]
port                            = 3306
socket                          = /tmp/mysql.sock
default-character-set = utf8

[mysqld]
user                            = mysql
port                            = 3306
socket                          = /tmp/mysql.sock
bind-address                    = 127.0.0.1
basedir                         = /usr/local
#datadir                         = /var/db/mysql
datadir                         = /mysql

character-set-server=utf8
skip-character-set-client-handshake

 

mysql-server 구동및 동작확인

root@bsd10:~ # service mysql-server start
Starting mysql.
root@bsd10:~ #
root@bsd10:~ # sockstat -4|grep -i mysql
mysql    mysqld     69144 23 tcp4   127.0.0.1:3306        *:*
root@bsd10:~ #

 

mysql-server 설정

root@bsd10:~ # /usr/local/bin/mysql_secure_installation
mysql_secure_installation: [ERROR] unknown variable 'default-character-set=utf8'

Securing the MySQL server deployment.

Connecting to MySQL server using password in '/root/.mysql_secret'

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: no
Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y

New password:

Re-enter new password:
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.

All done!
root@bsd10:~ #

 

패스워드 변경 및 locale 확인

root@bsd10:~ # mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.20-log

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> SET PASSWORD FOR root@localhost=password('password');
Query OK, 0 rows affected, 1 warning (0.00 sec)

root@localhost [(none)]> quit;
Bye
root@bsd10:~ # mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.20-log Source distribution

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost [(none)]> status;
--------------
mysql  Ver 14.14 Distrib 5.7.20, for FreeBSD10.4 (amd64) using  EditLine wrapper

Connection id:          8
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          more
Using outfile:          ''
Using delimiter:        ;
Server version:         5.7.20-log Source distribution
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /tmp/mysql.sock
Uptime:                 3 min 48 sec

Threads: 1  Questions: 30  Slow queries: 0  Opens: 117  Flush tables: 1  Open ta                                                                                                                                                                                               bles: 111  Queries per second avg: 0.131
--------------

root@localhost [(none)]> quit;
Bye
root@bsd10:~ #

 

cacti 권장 my.cnf 값

character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
skip-character-set-client-handshake
max_heap_table_size             = 200M
tmp_table_size                  = 64M
join_buffer_size                = 64M
innodb_doublewrite              = OFF
innodb_flush_log_at_timeout     = 3
innodb_read_io_threads          = 32
innodb_write_io_threads         = 16

 

FreeBSD Cacti 설치

APM 설치가 진행 되어 있어야 합니다.

apm 설치의 경우 (freebsd_apm설치) 를 참고 하시면 됩니다.

(가상화 환경에서 설치 한다고 하면 2Core Cpu 에 메모리 4G 정도 추가 하여 설치 하시기 바랍니다. 1Core / 메모리 1G 시 3시간 이상 걸립니다.)

pkg install cacti 로 설치 하여도 됩니다.

ports 설치시 cacti 에 필요한 패키지를 한번에 설치 할수 있는 장점이 있지만 설치시간이 오래 걸리는 단점도 있습니다.

 

Cacti 설치

root@bsd11:~ # whereis cacti
cacti: /usr/ports/net-mgmt/cacti
root@bsd11:~ # cd /usr/ports/net-mgmt/cacti && make install clean
===>  License GPLv2 accepted by the user
===>   cacti-1.1.27 depends on file: /usr/local/sbin/pkg - found
=> cacti-1.1.27.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://www.cacti.net/downloads/cacti-1.1.27.tar.gz
cacti-1.1.27.tar.gz                            32% of 8737 kB   24 kBps 03m49s

패키지 다운로드후 별도의 체크 없이 OK 를 눌러 설치를 진행 합니다.

(추가적으로 같이 설치될 패키가 있을경우 체크 하여 설치 하여도 됩니다.)

 

설치완료후 메세지

Cacti is now installed. If you install it for the first time,
you may have to follow this steps to make it work correctly:

1. Create the MySQL database, a cacti user, and initialize:
   a) CREATE DATABASE `cacti`;
   b) Create a mysql user/password for cacti:
      CREATE USER 'cacti'@'localhost' IDENTIFIED BY 'password';
      FLUSH PRIVILEGES;
   c) Add GRANTS:
      GRANT ALL ON `cacti`.* TO 'cacti'@'localhost';
      GRANT SELECT ON `mysql`.`time_zone_name` TO 'cacti'@'localhost';
      FLUSH PRIVILEGES;
   d) Import the default cacti database:
      mysql --database=cacti -ucacti -p < /usr/local/share/cacti/cacti.sql

   If you haven't already imported your MySQL timezone data, you need to do this:
      mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

 NOTE:
   * Cacti does not LOCK TABLES.

2. Edit /usr/local/share/cacti/include/config.php from the template
   config.php.orig.

   PHP requires the time zone to be explicitly set rather that rely on
   the system time zone, otherwise poller complains. I added the
   following line to my config.php:

   date_default_timezone_set('America/Los_Angeles');

3. Add the following line to cron for cacti:
*/5 * * * * /usr/local/bin/php /usr/local/share/cacti/poller.php > /dev/null 2>&1

4. Example Apache 2.4 configuration:
   (This assumes that you have installed a working PHP Apache install, e.g. with mod_php)


   <FilesMatch "\.php$">
       SetHandler application/x-httpd-php
   </FilesMatch>
   <FilesMatch "\.phps$">
       SetHandler application/x-httpd-php-source
   </FilesMatch>

   DirectoryIndex index.php

   DocumentRoot "/usr/local/share/cacti"

   Alias /cacti "/usr/local/share/cacti/"
   Alias /Cacti "/usr/local/share/cacti/"

   <Directory "/usr/local/share/cacti">
      Require all granted
      AllowOverride None
      Order Allow,deny
      Allow from all
   </Directory>

5. Open a Cacti login page in your web browser and follow the install instructions.


If you update cacti, open a login page and an updating process will
start automatically.

NOTEs as of 10Aug2014:

1) Cacti now better supports hier(7)

   a) Cacti log files are now found under /var/log/cacti where you can
      manage them using newsyslog.
   b) Cacti RRD files are now found under /var/db/cacti/rra.

   If you have an existing Cacti installation these paths are also
   found in Cacti's SQL database and MUST be updated. These two SQL
   commands should do the trick:

   UPDATE settings SET value='/var/log/cacti/log' \
     WHERE name='path_cactilog';

   UPDATE poller_item SET rrd_path=\
     REPLACE(rrd_path,'/usr/local/share/cacti/rra','/var/db/cacti/rra') \
     WHERE rrd_path REGEXP '^/usr/local/share/cacti/rra';

2) The PERL paths in the Cacti PERL scripts have been updated to
   /usr/local/bin.

Other Erratas:
   1) Mount linprocfs in /compat/linux/proc will allow most scripts to work.
   2) This package does not install a MySQL server in case you wish to use an
      external MySQL server.  Install a package such as mysql57-server if you
      require a local server.
=======================================================================

===>  Cleaning for rrdtool-1.7.0_1
===>  Cleaning for intltool-0.51.0_1
===>  Cleaning for p5-XML-Parser-2.44
===>  Cleaning for freetype2-2.8_1
===>  Cleaning for png-1.6.34
===>  Cleaning for cairo-1.14.8_1,2
===>  Cleaning for xcb-util-renderutil-0.3.9_1
===>  Cleaning for xorg-macros-1.19.1
===>  Cleaning for libxcb-1.12_2
===>  Cleaning for check-0.12.0
===>  Cleaning for xcb-proto-1.12
===>  Cleaning for libpthread-stubs-0.4
===>  Cleaning for libxslt-1.1.29_1
===>  Cleaning for libgcrypt-1.8.1
===>  Cleaning for libgpg-error-1.27
===>  Cleaning for libXau-1.0.8_3
===>  Cleaning for xproto-7.0.31
===>  Cleaning for libXdmcp-1.1.2
===>  Cleaning for xcb-util-0.4.0_2,1
===>  Cleaning for mesa-libs-17.2.4
===>  Cleaning for llvm40-4.0.1_3
===>  Cleaning for binutils-2.28,1
===>  Cleaning for gmp-6.1.2
===>  Cleaning for mpfr-3.1.6
===>  Cleaning for swig30-3.0.12
===>  Cleaning for lua52-5.2.4
===>  Cleaning for py27-enum34-1.1.6
===>  Cleaning for ninja-1.8.2,2
===>  Cleaning for dri2proto-2.8
===>  Cleaning for dri3proto-1.0
===>  Cleaning for glproto-1.4.17
===>  Cleaning for presentproto-1.1
===>  Cleaning for libX11-1.6.5,1
===>  Cleaning for bigreqsproto-1.1.2
===>  Cleaning for xcmiscproto-1.2.2
===>  Cleaning for xextproto-7.3.0
===>  Cleaning for xtrans-1.3.5
===>  Cleaning for kbproto-1.0.7
===>  Cleaning for inputproto-2.3.2
===>  Cleaning for xf86bigfontproto-1.2.0
===>  Cleaning for libXdamage-1.1.4_3
===>  Cleaning for damageproto-1.2.1
===>  Cleaning for fixesproto-5.0
===>  Cleaning for libXfixes-5.0.3
===>  Cleaning for libXext-1.3.3_1,1
===>  Cleaning for libxshmfence-1.2_2
===>  Cleaning for libXxf86vm-1.1.4_1
===>  Cleaning for xf86vidmodeproto-2.3.1
===>  Cleaning for libdrm-2.4.88,1
===>  Cleaning for libpciaccess-0.13.5
===>  Cleaning for pciids-20171011
===>  Cleaning for libunwind-20170113_1
===>  Cleaning for pixman-0.34.0
===>  Cleaning for libXrender-0.9.10
===>  Cleaning for renderproto-0.11.1
===>  Cleaning for fontconfig-2.12.1,1
===>  Cleaning for glib-2.50.2_7,1
===>  Cleaning for pango-1.40.6
===>  Cleaning for gobject-introspection-1.50.0,1
===>  Cleaning for libXft-2.3.2_1
===>  Cleaning for harfbuzz-1.5.1_1
===>  Cleaning for graphite2-1.3.10
===>  Cleaning for xorg-fonts-truetype-7.7_1
===>  Cleaning for font-bh-ttf-1.0.3_3
===>  Cleaning for mkfontdir-1.0.7
===>  Cleaning for mkfontscale-1.1.2
===>  Cleaning for libfontenc-1.1.3_1
===>  Cleaning for bdftopcf-1.0.5
===>  Cleaning for libXfont-1.5.2,2
===>  Cleaning for fontsproto-2.1.3,1
===>  Cleaning for font-misc-meltho-1.0.3_3
===>  Cleaning for font-misc-ethiopic-1.0.3_3
===>  Cleaning for encodings-1.0.4_3,1
===>  Cleaning for font-util-1.3.1
===>  Cleaning for dejavu-2.37
===>  Cleaning for php71-ctype-7.1.11
===>  Cleaning for php71-filter-7.1.11
===>  Cleaning for php71-gd-7.1.11
===>  Cleaning for libXpm-3.5.12
===>  Cleaning for libXt-1.1.5,1
===>  Cleaning for libSM-1.2.2_3,1
===>  Cleaning for libICE-1.0.9_1,1
===>  Cleaning for jpeg-turbo-1.5.2
===>  Cleaning for nasm-2.13.01,1
===>  Cleaning for php71-gettext-7.1.11
===>  Cleaning for php71-gmp-7.1.11
===>  Cleaning for php71-hash-7.1.11
===>  Cleaning for php71-json-7.1.11
===>  Cleaning for php71-ldap-7.1.11
===>  Cleaning for openldap-client-2.4.45
===>  Cleaning for php71-mbstring-7.1.11
===>  Cleaning for oniguruma6-6.6.1
===>  Cleaning for php71-openssl-7.1.11
===>  Cleaning for php71-pdo-7.1.11
===>  Cleaning for php71-pdo_mysql-7.1.11
===>  Cleaning for php71-posix-7.1.11
===>  Cleaning for php71-session-7.1.11
===>  Cleaning for php71-simplexml-7.1.11
===>  Cleaning for php71-sockets-7.1.11
===>  Cleaning for php71-snmp-7.1.11
===>  Cleaning for net-snmp-5.7.3_17
===>  Cleaning for php71-xml-7.1.11
===>  Cleaning for php71-zlib-7.1.11
===>  Cleaning for cacti-1.1.27
root@bsd11:/usr/ports/net-mgmt/cacti #

 

db 생성

root@bsd11:~ #
root@bsd11:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.2.10-MariaDB-log FreeBSD Ports

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database cacti;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [mysql]> FLUSH privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> quit
Bye
root@bsd11:~ #

GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY ‘password’; <– password 부분은 별도의 패스워드로 수정합니다. 

 

cacti.sql 파일을 import 합니다.

root@bsd11:~ # mysql -u root -p cacti < /usr/local/share/cacti/cacti.sql
Enter password:
root@bsd11:~ #

 

php timezone 수정 

root@bsd11:~ # vi /usr/local/etc/php.ini
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Asia/Seoul

 

cacti 설정파일 카피 및 수정 

root@bsd11:~ # cp /usr/local/share/cacti/include/config.php.sample /usr/local/share/cacti/include/config.php
root@bsd11:~ # vi /usr/local/share/cacti/include/config.php

/* make sure these values reflect your actual database/host/user/password */

$database_type     = 'mysql';
$database_default  = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cacti';
$database_password = 'password';
$database_port     = '3306';
$database_ssl      = false;

(설정 내용은 cactiuser 에서 mariadb 에서 생성한 cacti 로 변경 password 의 경우 설정한 password 로 변경 하시면 됩니다.)

 

/etc/rc.conf 파일수정

root@bsd11:~ # vi /etc/rc.conf
linux_enable="YES"
snmpd_enable="YES"
snmptrapd_enable="YES"

(linux_enable 의 경우 rc.conf 에 추가후 리부팅이 필요 합니다. cacti 의 경우 snmpd 를 사용합니다.)

 

/usr/local/share/snmp/snmpd.conf 설정

root@bsd11:~ # cp /usr/local/share/snmp/snmpd.conf.example /usr/local/share/snmp/snmpd.conf
root@bsd11:~ # vi /usr/local/share/snmp/snmpd.conf
#trap2sink    localhost public    <-- 주석 제거
#rocommunity public  localhost    <-- 주석 제거

(snmpd 보안설정의 경우에는 차후 설명하도록 하겠습니다.)

 

/etc/crontab 설정

root@bsd11:~ # vi /etc/crontab
# Adjust the time zone if the CMOS clock keeps local time, as opposed to
# UTC time.  See adjkerntz(8) for details.
1,31    0-5     *       *       *       root    adjkerntz -a
*/5 * * * * cacti /usr/local/bin/php /usr/local/share/cacti/poller.php > /dev/null 2>&1

 

/usr/local/etc/apache24/httpd.conf 설정

root@bsd11:~ # vi /usr/local/etc/apache24/httpd.conf

#<Directory />
#    AllowOverride none
#    Require all denied
#</Directory>

<Directory />
    AllowOverride none
    Order deny,allow
    Deny from all
</Directory>

Alias /cacti /usr/local/share/cacti
<Directory "/usr/local/share/cacti">
AllowOverride None
Order Allow,deny
Allow from all
</Directory>

(기존 Directory 라인은 주석처리 하며 아래 내용으로 붙여넣기를 합니다.)

 

/usr/local/etc/my.cnf 설정

root@bsd11:~ # vi /usr/local/etc/my.cnf
### 아래 내용 추가 ###
max_heap_table_size             = 99M
tmp_table_size                  = 64M
join_buffer_size                = 64M
innodb_doublewrite              = OFF
innodb_flush_log_at_timeout     = 3
innodb_read_io_threads          = 32
innodb_write_io_threads         = 16


(버전에 따라 일부 내용은 수정을 해야 할수도 있습니다. 테스트 머신의 경우 Mariadb102 Version 입니다.)

 

System Rebooting 

root@bsd11:~ # init 6

(설정내용 적용및 linux emulator 설치를 위하여 시스템 리부팅을 진행 합니다.)

 

linux 호환 모듈 확인

root@bsd11:~ # kldstat
Id Refs Address            Size     Name
 1   16 0xffffffff80200000 1f67a88  kernel
 2    1 0xffffffff82219000 2986     uhid.ko
 3    1 0xffffffff8221c000 42864    linux.ko
 4    2 0xffffffff8225f000 7b0f     linux_common.ko
 5    1 0xffffffff82267000 3c93f    linux64.ko
root@bsd11:~ #

 

linux emulator 설치

root@bsd11:~ # whereis linux_base-c7
linux_base-c7: /usr/ports/emulators/linux_base-c7
root@bsd11:~ # cd /usr/ports/emulators/linux_base-c7 && make install clean

Ok 를 선택하여 설치를 진행 합니다.

 

설치완료후 메세지

Installing linux_base-c7-7.4.1708_2...
Some programs need linprocfs mounted on /compat/linux/proc.  Add the
following line to /etc/fstab:

linprocfs   /compat/linux/proc  linprocfs       rw      0       0

Then run "mount /compat/linux/proc".

Some programs need linsysfs mounted on /compat/linux/sys.  Add the
following line to /etc/fstab:

linsysfs    /compat/linux/sys   linsysfs        rw      0       0

Then run "mount /compat/linux/sys".

Some programs need tmpfs mounted on /compat/linux/dev/shm.  Add the
following line to /etc/fstab:

tmpfs    /compat/linux/dev/shm  tmpfs   rw,mode=1777    0       0

Then run "mount /compat/linux/dev/shm".

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/compat/linux/usr/lib64/libgio-2.0.so.0.5000.3
/compat/linux/usr/lib64/libdb-4.7.so
/compat/linux/usr/lib64/libdb_cxx-4.7.so
/compat/linux/usr/lib/libresolv-2.17.so
/compat/linux/usr/lib/libgssrpc.so.4.2
/compat/linux/usr/lib/libdb-5.3.so
/compat/linux/usr/lib/libdb-4.7.so
/compat/linux/usr/lib64/libselinux.so.1
/compat/linux/usr/libexec/gam_server
/compat/linux/usr/lib64/libgssrpc.so.4.2
/compat/linux/usr/lib/libselinux.so.1
/compat/linux/usr/lib/libgio-2.0.so.0.5000.3
/compat/linux/usr/lib64/libresolv-2.17.so
/compat/linux/usr/lib/libdb_cxx-4.7.so
/compat/linux/usr/lib64/libdb-5.3.so

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.
===>  Cleaning for linux_base-c7-7.4.1708_2
root@bsd11:/usr/ports/emulators/linux_base-c7 #

 

/etc/fstab 수정

root@bsd11:~ #
root@bsd11:~ # vi /etc/fstab


linprocfs   /compat/linux/proc  linprocfs       rw      0       0
linsysfs    /compat/linux/sys   linsysfs        rw      0       0
tmpfs    /compat/linux/dev/shm  tmpfs   rw,mode=1777    0       0

root@bsd11:~ # mount -a
root@bsd11:~ # df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a     18G    6.7G     10G    40%    /
devfs          1.0K    1.0K      0B   100%    /dev
linprocfs      4.0K    4.0K      0B   100%    /compat/linux/proc
linsysfs       4.0K    4.0K      0B   100%    /compat/linux/sys
tmpfs          4.2G    4.0K    4.2G     0%    /compat/linux/dev/shm
root@bsd11:~ #

fstab 수정후 mount 를 진행 합니다.

df -h 명령어로 정상적으로 마운트가 되었는지 확인 합니다.

 

cacti 디렉토리 권한 설정

root@bsd11:~ # chown -R www:www /usr/local/share/cacti/resource/
root@bsd11:~ # chown -R www:www /usr/local/share/cacti/scripts/
root@bsd11:~ # chown -R www:www /usr/local/share/cacti/cache/boost/
root@bsd11:~ # chown -R www:www /usr/local/share/cacti/cache/mibcache/
root@bsd11:~ # chown -R www:www /usr/local/share/cacti/cache/realtime/
root@bsd11:~ # chown -R www:www /usr/local/share/cacti/cache/spikekill/
root@bsd11:~ # mkdir /usr/local/share/cacti/log
root@bsd11:~ # chown -R www:www /usr/local/share/cacti/log/

 

Cacti 사용을 위한 설치 및 설정 작업을 모두 완료 하였습니다.

웹브라우저로 접속후 설정을 진행 합니다.

ex) http://192.168.0.100/cacti

Accept GPL License Agrement 를 체크 하고 Next 를 눌러 설정을 진행 합니다.

 

ERROR 구문및 권장 설정값을 확인 합니다.

 

 

 

확인내용

ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database. Please provide the Cacti database account “select” access to the “time_zone_name” table in the “mysql” database, and populate MySQL’s TimeZone information before proceeding.ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database. Please provide the Cacti database account “select” access to the “time_zone_name” table in the “mysql” database, and populate MySQL’s TimeZone information before proceeding.

Cacti 데이터베이스 로그인 계정의 MySQL TimeZone 데이터베이스 액세스 문제

 

root@bsd11:~ # mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
Enter password:
root@bsd11:~ # cd /usr/local/share/cacti/cli/
root@bsd11:/usr/local/share/cacti/cli # php repair_database.php --force
Repairing All Cacti Database Tables
Repairing Table -> 'aggregate_graph_templates' Successful
Repairing Table -> 'aggregate_graph_templates_graph' Successful
Repairing Table -> 'aggregate_graph_templates_item' Successful
Repairing Table -> 'aggregate_graphs' Successful
Repairing Table -> 'aggregate_graphs_graph_item' Successful
Repairing Table -> 'aggregate_graphs_items' Successful
Repairing Table -> 'automation_devices' Successful
Repairing Table -> 'automation_graph_rule_items' Successful
Repairing Table -> 'automation_graph_rules' Successful
Repairing Table -> 'automation_ips' Successful
Repairing Table -> 'automation_match_rule_items' Successful
Repairing Table -> 'automation_networks' Successful
Repairing Table -> 'automation_processes' Successful
Repairing Table -> 'automation_snmp' Successful
Repairing Table -> 'automation_snmp_items' Successful
Repairing Table -> 'automation_templates' Successful
Repairing Table -> 'automation_tree_rule_items' Successful
Repairing Table -> 'automation_tree_rules' Successful
Repairing Table -> 'cdef' Successful
Repairing Table -> 'cdef_items' Successful
Repairing Table -> 'color_template_items' Successful
Repairing Table -> 'color_templates' Successful
Repairing Table -> 'colors' Successful
Repairing Table -> 'data_input' Successful
Repairing Table -> 'data_input_data' Successful
Repairing Table -> 'data_input_fields' Successful
Repairing Table -> 'data_local' Successful
Repairing Table -> 'data_source_profiles' Successful
Repairing Table -> 'data_source_profiles_cf' Successful
Repairing Table -> 'data_source_profiles_rra' Successful
Repairing Table -> 'data_source_purge_action' Successful
Repairing Table -> 'data_source_purge_temp' Successful
Repairing Table -> 'data_source_stats_daily' Successful
Repairing Table -> 'data_source_stats_hourly' Successful
Repairing Table -> 'data_source_stats_hourly_cache' Successful
Repairing Table -> 'data_source_stats_hourly_last' Successful
Repairing Table -> 'data_source_stats_monthly' Successful
Repairing Table -> 'data_source_stats_weekly' Successful
Repairing Table -> 'data_source_stats_yearly' Successful
Repairing Table -> 'data_template' Successful
Repairing Table -> 'data_template_data' Successful
Repairing Table -> 'data_template_rrd' Successful
Repairing Table -> 'external_links' Successful
Repairing Table -> 'graph_local' Successful
Repairing Table -> 'graph_template_input' Successful
Repairing Table -> 'graph_template_input_defs' Successful
Repairing Table -> 'graph_templates' Successful
Repairing Table -> 'graph_templates_gprint' Successful
Repairing Table -> 'graph_templates_graph' Successful
Repairing Table -> 'graph_templates_item' Successful
Repairing Table -> 'graph_tree' Successful
Repairing Table -> 'graph_tree_items' Successful
Repairing Table -> 'host' Successful
Repairing Table -> 'host_graph' Successful
Repairing Table -> 'host_snmp_cache' Successful
Repairing Table -> 'host_snmp_query' Successful
Repairing Table -> 'host_template' Successful
Repairing Table -> 'host_template_graph' Successful
Repairing Table -> 'host_template_snmp_query' Successful
Repairing Table -> 'plugin_config' Successful
Repairing Table -> 'plugin_db_changes' Successful
Repairing Table -> 'plugin_hooks' Successful
Repairing Table -> 'plugin_realms' Successful
Repairing Table -> 'poller' Successful
Repairing Table -> 'poller_command' Successful
Repairing Table -> 'poller_data_template_field_mappings' Successful
Repairing Table -> 'poller_item' Successful
Repairing Table -> 'poller_output' Successful
Repairing Table -> 'poller_output_boost' Successful
Repairing Table -> 'poller_output_boost_processes' Successful
Repairing Table -> 'poller_output_realtime' Successful
Repairing Table -> 'poller_reindex' Successful
Repairing Table -> 'poller_resource_cache' Successful
Repairing Table -> 'poller_time' Successful
Repairing Table -> 'reports' Successful
Repairing Table -> 'reports_items' Successful
Repairing Table -> 'sessions' Successful
Repairing Table -> 'settings' Successful
Repairing Table -> 'settings_tree' Successful
Repairing Table -> 'settings_user' Successful
Repairing Table -> 'settings_user_group' Successful
Repairing Table -> 'sites' Successful
Repairing Table -> 'snmp_query' Successful
Repairing Table -> 'snmp_query_graph' Successful
Repairing Table -> 'snmp_query_graph_rrd' Successful
Repairing Table -> 'snmp_query_graph_rrd_sv' Successful
Repairing Table -> 'snmp_query_graph_sv' Successful
Repairing Table -> 'snmpagent_cache' Successful
Repairing Table -> 'snmpagent_cache_notifications' Successful
Repairing Table -> 'snmpagent_cache_textual_conventions' Successful
Repairing Table -> 'snmpagent_managers' Successful
Repairing Table -> 'snmpagent_managers_notifications' Successful
Repairing Table -> 'snmpagent_mibs' Successful
Repairing Table -> 'snmpagent_notifications_log' Successful
Repairing Table -> 'user_auth' Successful
Repairing Table -> 'user_auth_cache' Successful
Repairing Table -> 'user_auth_group' Successful
Repairing Table -> 'user_auth_group_members' Successful
Repairing Table -> 'user_auth_group_perms' Successful
Repairing Table -> 'user_auth_group_realm' Successful
Repairing Table -> 'user_auth_perms' Successful
Repairing Table -> 'user_auth_realm' Successful
Repairing Table -> 'user_domains' Successful
Repairing Table -> 'user_domains_ldap' Successful
Repairing Table -> 'user_log' Successful
Repairing Table -> 'vdef' Successful
Repairing Table -> 'vdef_items' Successful
Repairing Table -> 'version' Successful

NOTE: Checking for Invalid Cacti Templates
NOTE: 50 Invalid Data Input Data Rows based upon template mappings removed from Data Templates
root@bsd11:/usr/local/share/cacti/cli #
root@bsd11:/usr/local/share/cacti/cli # php upgrade_database.php
You are attempting to install cacti 1.1.27 onto a 0.6.x database.
To continue, you must create a new database, import 'cacti.sql' into it,
and     update 'include/config.php' to point to the new database.
root@bsd11:/usr/local/share/cacti/cli #
root@bsd11:/usr/local/share/cacti/cli # mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
Enter password:
root@bsd11:/usr/local/share/cacti/cli #

root@bsd11:/usr/local/share/cacti/cli # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 25
Server version: 10.2.10-MariaDB-log FreeBSD Ports

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> GRANT SELECT ON mysql.time_zone_name TO cacti@localhost;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> quit;
Bye
root@bsd11:/usr/local/share/cacti/cli #


 

 

my.cnf Recommend 값
collation_server 값 utf8_general_ci      ->   utf8mb4_unicode_ci
character_set_client 값 utf8                 ->   utf8mb4
max_heap_table_size 값 99M              ->   198M
max_allowed_packet 값 1048576        ->   16777216
innodb_buffer_pool_size 값 128M      ->    992M

 

root@bsd11:~ # vi /usr/local/etc/my.cnf

### 변경 내용 ###

[client]
#password       = your_password
port            = 3306
socket          = /tmp/mysql.sock
default-character-set = utf8mb4   <--utf8 에서 변경 


[mysqld]
character-set-server=utf8mb4
collation-server = utf8mb4_unicode_ci



max_heap_table_size             = 200M
max_allowed_packet = 16M
innodb_buffer_pool_size = 992M

 

변경후 mariadb restart 를 합니다.

root@bsd11:~ # service mysql-server restart
Stopping mysql.
Waiting for PIDS: 6265.
Starting mysql.
root@bsd11:~ #

 

웹페이지 확인

 

Next 를 클릭 하여 설정을 진행 합니다. (Google Chrome 의 경우 전체화면으로 전환 해야 Next 버튼이 보입니다.)

 

새로운 서버 구성 이기때문에 별도로 선택할것은 없습니다.

Next 를 클릭합니다.

 

Cacti Log Path 에 아래와 같이 표시가 된다면 log 파일을 생성 해야 합니다. 

 

log 파일 생성

root@bsd11:~ #
root@bsd11:~ # cd /var/log/cacti
root@bsd11:/var/log/cacti # touch log
root@bsd11:/var/log/cacti # chown cacti:cacti log

 

 

cacti-spine 의 경우 차후 설치를 진행 합니다.

 

Template Setup 에서는 아래와 같이 선택 합니다.

 

최초 로그인의 경우 admin/admin 입니다.

 

admin Password 를 변경 합니다.  암호의 경우 대소문자가 혼합되어 있어야 합니다.

설정된 패스워드로 로그인을 진행 합니다.

 

cacti 설정 내역 (New Graphs 에서 생성 내역이 적용 안될수 있음으로 중간에 로그아웃 후 다시로그인 하면 정상으로 생성된 결과를 볼수 있습니다.)

 

 

 

 

 

 

 

시간은 대략 5 분 ~ 30분 정도면 모니터링 결과를 표시해 줍니다.

 

apache24, php71 , mariadb102 설치

 

apache24 설치

root@bsd11:~ # whereis apache24
apache24: /usr/ports/www/apache24
root@bsd11:~ # cd /usr/ports/www/apache24/ && make install clean

 

OK 선택하여 다음을 설정 합니다.

추가적으로 나오는 부분은 OK 선택하여 설치를 진행 합니다.

apache24 설치후 메세지

To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache24/mod_cgid.so

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/apache24
/usr/local/etc/rc.d/htcacheclean

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://httpd.apache.org/
===>  Cleaning for autoconf-2.69_1
===>  Cleaning for m4-1.4.18,1
===>  Cleaning for texinfo-6.5,1
===>  Cleaning for help2man-1.47.5
===>  Cleaning for p5-Locale-gettext-1.07
===>  Cleaning for gettext-tools-0.19.8.1
===>  Cleaning for gettext-runtime-0.19.8.1_1
===>  Cleaning for indexinfo-0.3.1
===>  Cleaning for gmake-4.2.1_1
===>  Cleaning for autoconf-wrapper-20131203
===>  Cleaning for automake-1.15.1
===>  Cleaning for automake-wrapper-20131203
===>  Cleaning for libtool-2.4.6
===>  Cleaning for expat-2.2.1
===>  Cleaning for apr-1.6.3.1.6.1
===>  Cleaning for gdbm-1.13_1
===>  Cleaning for readline-7.0.3_1
===>  Cleaning for db5-5.3.28_6
===>  Cleaning for pcre-8.40_1
===>  Cleaning for libnghttp2-1.27.0
===>  Cleaning for libxml2-2.9.4
===>  Cleaning for apache24-2.4.29
root@bsd11:/usr/ports/www/apache24 #

 

php71 설치

root@bsd11:~ # whereis php71
php71: /usr/ports/lang/php71
root@bsd11:/usr/ports/lang/php71 # make config

 

추가 패키지 설치를 위해 php71-extensions 디렉토리로 이동합니다.

root@bsd11:/usr/ports/lang/php71 # cd /usr/ports/lang/php71-extensions/
root@bsd11:/usr/ports/lang/php71-extensions # make config install

 

 

설치 옵션에서 CURL FTP GD MYSQLi OPENSSL SOCKETS PDF SNMP ZIP 선택후 설치를 진행 합니다. 

 

 

 

설치 완료 메세지

Libraries have been installed in:
   /usr/ports/archivers/php71-zip/work/php-7.1.11/ext/zip/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
Build complete.
Don't forget to run 'make test'.
===>  Staging for php71-zip-7.1.11
===>   php71-zip-7.1.11 depends on file: /usr/local/include/php/main/php.h - found
===>   Generating temporary packing list
====> Compressing man pages (compress-man)
===>  Installing for php71-zip-7.1.11
===>  Checking if php71-zip already installed
===>   Registering installation for php71-zip-7.1.11 as automatic
Installing php71-zip-7.1.11...
===>   php71-extensions-1.0 depends on file: /usr/local/lib/php/20160303/zip.so - found
===>   Returning to build of php71-extensions-1.0
===>   Generating temporary packing list
====> Compressing man pages (compress-man)
===>  Installing for php71-extensions-1.0
===>  Checking if php71-extensions already installed
===>   Registering installation for php71-extensions-1.0
Installing php71-extensions-1.0...
root@bsd11:/usr/ports/lang/php71-extensions #

 

mariadb102 설치

root@bsd11:~ # whereis mariadb102-server
mariadb102-server: /usr/ports/databases/mariadb102-server
root@bsd11:~ # cd /usr/ports/databases/mariadb102-server && make install clean

 

OK 선택하여 설치를 진행 합니다.

 

설치 완료 메세지

************************************************************************

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!                                                                    !!
!! The default InnoDB storage engine is no longer XtraDB, check your  !!
!! configuration and switch it to InnoDB                              !!
!!                                                                    !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Remember to run mysql_upgrade (with the optional --datadir=<dbdir> flag)
the first time you start the MySQL server after an upgrade from an
earlier version.

MariaDB respects hier(7) and doesn't check /etc and /etc/mysql for
my.cnf. Please move existing my.cnf files from those paths to
/usr/local/etc and /usr/local/etc/mysql.

This port does NOT include the mytop perl script, this is included in
the MariaDB tarball but the most recent version can be found in the
databases/mytop port

************************************************************************

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/lib/mysql/plugin/ha_spider.so
/usr/local/lib/mysql/plugin/handlersocket.so

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/mysql-server

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://mariadb.org/
===>  Cleaning for bison-3.0.4,1
===>  Cleaning for cmake-3.9.4
===>  Cleaning for py27-sphinx-1.4.8_2,1
===>  Cleaning for py27-Jinja2-2.9.5
===>  Cleaning for py27-setuptools-36.5.0
===>  Cleaning for python27-2.7.14_1
===>  Cleaning for libffi-3.2.1_1
===>  Cleaning for py27-MarkupSafe-1.0
===>  Cleaning for py27-Babel-2.3.4
===>  Cleaning for py27-pytz-2017.2,1
===>  Cleaning for py27-docutils-0.14
===>  Cleaning for py27-six-1.11.0
===>  Cleaning for py27-pygments-2.2.0
===>  Cleaning for py27-sphinx_rtd_theme-0.2.4
===>  Cleaning for py27-alabaster-0.7.6
===>  Cleaning for py27-snowballstemmer-1.2.0_1
===>  Cleaning for py27-pystemmer-1.3.0_1
===>  Cleaning for py27-imagesize-0.7.1
===>  Cleaning for ca_root_nss-3.32.1
===>  Cleaning for curl-7.56.1
===>  Cleaning for jsoncpp-1.8.1_2
===>  Cleaning for scons-2.5.1_1
===>  Cleaning for python2-2_3
===>  Cleaning for libuv-1.16.1
===>  Cleaning for rhash-1.3.5
===>  Cleaning for libarchive-3.3.2,1
===>  Cleaning for libiconv-1.14_11
===>  Cleaning for liblz4-1.8.0,1
===>  Cleaning for lzo2-2.10_1
===>  Cleaning for unixODBC-2.3.4
===>  Cleaning for libedit-3.1.20170329_2,1
===>  Cleaning for mariadb102-client-10.2.10
===>  Cleaning for mariadb102-server-10.2.10
root@bsd11:/usr/ports/databases/mariadb102-server #

 

 

mod_php71 설치

root@bsd11:~ # whereis mod_php71
mod_php71: /usr/ports/www/mod_php71
root@bsd11:~ # cd /usr/ports/www/mod_php71/ && make install clean

 

AP2FILTER 를 선택 합니다.

 

설치시 오류 메시지

Build complete.
Don't forget to run 'make test'.
===>  Staging for mod_php71-7.1.11
===>   mod_php71-7.1.11 depends on file: /usr/local/sbin/apxs - found
===>   Generating temporary packing list
/bin/mkdir -p /usr/ports/www/mod_php71/work/stage/usr/local/libexec/apache24
install  -s -m 0644 /usr/ports/www/mod_php71/work/php-7.1.11/libs/libphp7.so  /u                                                                                                                                                                                               sr/ports/www/mod_php71/work/stage/usr/local/libexec/apache24
install: /usr/ports/www/mod_php71/work/php-7.1.11/libs/libphp7.so: No such file                                                                                                                                                                                                or directory
*** Error code 71

Stop.
make[1]: stopped in /usr/ports/www/mod_php71
*** Error code 1

Stop.
make: stopped in /usr/ports/www/mod_php71
root@bsd11:/usr/ports/www/mod_php71 #

 

/etc/make.conf 생성

root@bsd11:/usr/ports/www/mod_php71 # vi /etc/make.conf
DEFAULT_VERSIONS+=php=7.1

 

ports 설치시 문제가 있어 pkg 로 설치를 진행 합니다. (Freebsd 10 Version 에서도 동일한 문제가 있어 pkg 로 설치를 진행 하였습니다.)

root@bsd11:/ # pkg install mod_php71
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        mod_php71: 7.1.10

Number of packages to be installed: 1

The process will require 5 MiB more space.
1 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching mod_php71-7.1.10.txz: 100%    1 MiB 597.2kB/s    00:02
Checking integrity... done (0 conflicting)
[1/1] Installing mod_php71-7.1.10...
Extracting mod_php71-7.1.10: 100%
[activating module `php7' in /usr/local/etc/apache24/httpd.conf]
Message from mod_php71-7.1.10:
***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

*********************************************************************

If you are building PHP-based ports in poudriere(8) with ZTS enabled,
add WITH_MPM=event to /etc/make.conf to prevent build failures.

*********************************************************************
root@bsd11:/ #

 

apache24 Setting

/etc/rc.conf 파일 수정

root@bsd11:~ # vi /etc/rc.conf
apache24_enable="YES"

 

apache24 Daemon 실행을 위해서는 httpd.conf 파일의 수정이 필요 합니다.

root@bsd11:~ # cd /usr/local/etc/apache24/
root@bsd11:/usr/local/etc/apache24 # cp httpd.conf httpd.conf.org
root@bsd11:/usr/local/etc/apache24 # vi httpd.conf

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>


ServerName www.example.com:80

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php .inc .html
    AddType application/x-httpd-source .phps

Include etc/apache24/extra/httpd-userdir.conf

LoadModule userdir_module libexec/apache24/mod_userdir.so


(주석을 제거 합니다 차후 domain 에 맞게 수정해 주면 됩니다.)

 

php.ini 파일 카피 및 php71 include 설정

php.ini 파일 카피

root@bsd11:~ # cd /usr/local/etc
root@bsd11:/usr/local/etc # cp php.ini-production php.ini

 

php.conf 파일 생성

root@bsd11:~ # cd /usr/local/etc/apache24/extra/
root@bsd11:/usr/local/etc/apache24/extra # vi php.conf
<IfModule dir_module>
    DirectoryIndex index.php index.html
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</IfModule>

 

 

apache24 Daemon 실행

root@bsd11:/usr/local/etc/apache24 # service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 760.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@bsd11:/usr/local/etc/apache24 #

 

mariadb102 Setting

/etc/rc.conf 파일 수정

root@bsd11:~ # vi /etc/rc.conf
mysql_enable="YES"

 

mariadb102 Daemon 실행및 password 설정

root@bsd11:~ # service mysql-server start
Installing MariaDB/MySQL system tables in '/var/db/mysql' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:

'/usr/local/bin/mysqladmin' -u root password 'new-password'
'/usr/local/bin/mysqladmin' -u root -h bsd11 password 'new-password'

Alternatively you can run:
'/usr/local/bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr/local' ; /usr/local/bin/mysqld_safe --datadir='/var/db/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/local/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
Get Involved
Starting mysql. root@bsd11:~ #

 

패스워드 설정 ( mysqladmin 명령어로 password 를 설정 할수 있습니다.)

root@bsd10:~ # mysqladmin -u root password mariadb_password

mariadb_password 부분에 원하는 패스워드를 넣어 설정 하시면 됩니다.

 

or

 

mysql_secure_installation 으로 설정 하셔도 됩니다.

root@bsd11:~ # /usr/local/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
root@bsd11:~ #

 

mysql 로그인을 하여 characterset 을 확인 합니다.

root@bsd11:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 23
Server version: 10.2.10-MariaDB FreeBSD Ports

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 10.2.10-MariaDB, for FreeBSD11.1 (amd64) using readline 5.1

Connection id:          23
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          more
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.2.10-MariaDB FreeBSD Ports
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    ascii
Conn.  characterset:    ascii
UNIX socket:            /tmp/mysql.sock
Uptime:                 9 min 39 sec

Threads: 7  Questions: 33  Slow queries: 0  Opens: 18  Flush tables: 1  Open tables: 12  Queries per second avg: 0.056
--------------

MariaDB [(none)]>

 

characterset 이 latin1 으로 되어 있습니다.

 

my.cnf 를 수정 하여 latin1 -> utf8 로 변경 합니다.

root@bsd11:~ # cp /usr/local/share/mysql/my-large.cnf /usr/local/etc/my.cnf
root@bsd11:~ # vi /usr/local/etc/my.cnf

[client]
#password       = your_password
port            = 3306
socket          = /tmp/mysql.sock
default-character-set = utf8

# The MariaDB server
[mysqld]

character-set-server=utf8
skip-character-set-client-handshake

 

mariadb 재시작 및 status 확인

root@bsd11:~ # service mysql-server restart
Stopping mysql.
Waiting for PIDS: 939.
Starting mysql.
root@bsd11:~ #

root@bsd11:~ # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.2.10-MariaDB-log FreeBSD Ports

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 10.2.10-MariaDB, for FreeBSD11.1 (amd64) using readline 5.1

Connection id:          9
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          more
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.2.10-MariaDB-log FreeBSD Ports
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /tmp/mysql.sock
Uptime:                 27 sec

Threads: 8  Questions: 4  Slow queries: 0  Opens: 17  Flush tables: 1  Open tables: 11  Queries per second avg: 0.148
--------------

MariaDB [(none)]>

characterset 이 latin1 에서 utf8 로 변경 된걸 확인할수 있습니다.

 

phpinfo 페이지 출력

oot@bsd11:/home/test # mkdir public_html
root@bsd11:/home/test # cd public_html/
root@bsd11:/home/test/public_html # vi test.php
<?php phpinfo(); ?>

 

web브라우저에서 확인 (localhost 의 경우 freebsd box 의 ip 를 입력 하시면 됩니다.)

 

FreeBSD pure-ftpd 설치 및 VirtualUser 설정 방법 입니다.

pure-ftpd 설치의 경우 ports collection 을 이용 합니다.

 

pure-ftpd ports 확인

root@bsd11:~ # whereis pure-ftpd
pure-ftpd: /usr/ports/ftp/pure-ftpd
root@bsd11:~ #

 

pure-ftpd 설치

root@bsd11:~ # cd /usr/ports/ftp/pure-ftpd/ && make install clean

 

  1. OK 를 눌러 설치를 진행 합니다.

추가적인 부분도 OK 눌러 설치 하시면 됩니다. ( TLS/UTF8 부분이 체크 되어 있는지 확인 합니다.)

설치 완료 메시지

 

설정

예전의 경우 rehash 를 해줘야 Daemon 을 사용 할수 있었는데 요즘은 잘 모르겠네요.

rehash 를 실행합니다.

(rehash 는 csh / tcsh 이 path 디렉토리를 바이너리로 다시 스캔하게 위하여 실행 합니다. 꼭 필요한것은 아니지만 예전에는 Daemon 구동이 안되는 경우도 있었습니다.

rehash 를 하지않고 예전 5 Version 6 Version 의 경우는 리부팅후에 설정을 진행 했었습니다.)

root@bsd11:/usr/ports/ftp/pure-ftpd # rehash
root@bsd11:/usr/ports/ftp/pure-ftpd #

rehash 참고페이지: https://www.cyberciti.biz/faq/freebsd-shell-doesnt-recognize-newly-installed-programs/

ports 설치후 설정 디렉토리는 대부분 /usr/local/etc 에 위치 하고 있습니다.

/usr/local/etc/ 디렉토리로 이동후 pure-ftpd.conf.sample 파일을 카피 합니다.

root@bsd11:~ # cd /usr/local/etc
root@bsd11:/usr/local/etc # cp pure-ftpd.conf.sample pure-ftpd.conf

 

pure-ftpd.conf 파일 설정

root@bsd11:/usr/local/etc # vi pure-ftpd.conf

 

  1. PureDB 위치 변경 (default 의 경우 PureDB /etc/pureftpd.pdb 로 되어 있습니다.)PureDB /usr/local/etc/pureftpd.pdb
  2. CreateHomeDir 주석 제거 (일반 유저의 경우 홈디렉토리의 ftp 사용을 가능하게 합니다.)CreateHomeDir yesPAMAuthentication yes
  3. FXP 설정AllowUserFXP yes
  4. 로그설정 AltLog 주석을 제거 합니다. AltLog stats:/var/log/pureftpd.log

 

pure-ftpd 에서 사용할 디렉토리및 가상 사용자 설정

root@bsd11:~ # mkdir -p /home/vftp
root@bsd11:~ # pw user add vftp -s /sbin/nologin -w no -d /home/vftp -c "virtual pure virtual ftp users" -m

 

가상사용자 추가시

root@bsd11:~ # pure-pw useradd test -u vftp -g vftp -d /home/vftp
Password:
Enter it again:
root@bsd11:~ #

사용자 생성후 puredb update

root@bsd11:~ # pure-pw mkdb

 

IP allow 설정의 경우 다음과 같이 설정합니다.

root@bsd11:~ # pure-pw useradd test -u vftp -g vftp -d /home/vftp
root@bsd11:~ # pure-pw usermod test1 -r 192.168.0.2/24 -m

user 정보 확인

root@bsd11:~ # pure-pw show test1

Login              : test1
Password           : $argon2id$v=19$m=65536,t=2,p=1$enIz2/8XAQ85vZ1C48hWRg$MJ07yP2/3BNdDlkjQwdvFjJgtYeofT7ZpjmyptbwFWo
UID                : 1001 (vftp)
GID                : 1001 (vftp)
Directory          : /home/vftp/./
Full name          :
Download bandwidth : 0 Kb (unlimited)
Upload   bandwidth : 0 Kb (unlimited)
Max files          : 0 (unlimited)
Max size           : 0 Mb (unlimited)
Ratio              : 0:0 (unlimited:unlimited)
Allowed local  IPs :
Denied  local  IPs :
Allowed client IPs : 192.168.0.2/24
Denied  client IPs :
Time restrictions  : 0000-0000 (unlimited)
Max sim sessions   : 0 (unlimited)

root@bsd11:~ #

 

pure-ftpd 로그 설정

root@bsd11:~ # cd /var/log/
root@bsd11:/var/log # touch pure-ftpd.log
root@bsd11:/var/log # chmod 650 pure-ftpd.log

syslog.conf 설정

root@bsd11:/var/log # vi /etc/syslog.conf
#ftp.info                                       /var/log/xferlog
ftp.*                                           /var/log/pure-ftpd.log

logrotate 설정 (/etc/newsyslog.conf )

ftp 사용이 많은 서버

날짜로 rotation 매일 0시에 rotation , 최근 10개 보관

root@bsd11:/var/log # vi /etc/newsyslog.conf
/var/log/xferlog                        600  7     100  *     JC
/var/log/pure-ftpd.log                  640  10    *    @T00  Z

ftp 사용이 적은 서버

root@bsd11:/var/log # vi /etc/newsyslog.conf
/var/log/xferlog                        600  7     100  *     JC
/var/log/pure-ftpd.log                  640  10    200  *     Z

 

rc.conf 수정

root@bsd11:/var/log # vi /etc/rc.conf
pureftpd_enable="YES"

 

pure-ftpd start

oot@bsd11:/var/log # /usr/local/etc/rc.d/pure-ftpd start
Starting pureftpd.
oot@bsd11:/var/log #

syslog 재시작

root@bsd11:/var/log # /etc/rc.d/syslogd restart
Stopping syslogd.
Starting syslogd.
root@bsd11:/var/log #

 

Ftp Client 접속 확인

상태: 192.168.8.138:21에 연결…

상태: 연결 수립, 환영 메시지를 기다림…

상태: 보안되지 않은 서버입니다.

TLS를 통한 FTP를 지원하지 않습니다.

상태: 로그인상태: 디렉터리 목록 조회…

상태: “/” 디렉터리 목록 조회 성공

 

SSL/TLS 적용 :

pure-ftpd.conf 설정 변경

root@bsd11:~ # vi /usr/local/etc/pure-ftpd.conf

 TLS                          2

openssl 작업

root@bsd11:~ # mkdir -p /etc/ssl/private
root@bsd11:~ # openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Generating a 2048 bit RSA private key
.........+++
......+++
writing new private key to '/etc/ssl/private/pure-ftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:virtualftp
Common Name (e.g. server FQDN or YOUR name) []:test-server
Email Address []:test@gmail.com
root@bsd11:~ # chmod 600 /etc/ssl/private/*.pem

pure-ftpd 재시작

root@bsd11:~ # /usr/local/etc/rc.d/pure-ftpd restart

연결 테스트

 

연결 메시지

상태: 192.168.8.138:21에 연결…

상태: 192.168.8.138:21에 연결…

상태: 연결 수립, 환영 메시지를 기다림…

상태: TLS 초기화…상태: 인증서 검증…

상태: TLS 연결 수립.

상태: 로그인상태: 디렉터리 목록 조회…

상태: “/” 디렉터리 목록 조회 성공

FreeBSD 에서 유저를 생성하기 위하여 pw 명령어를 사용 합니다.

참고페이지: https://www.freebsd.org/doc/handbook/users-synopsis.html 

 

pw 명령어의 사용예

root@bsd11:~ # pw user add test -g wheel -m

– 유저명 test 를 만들고 구룹을 관리자구룹으로 지정 홈디렉토리 생성

일반적인 pw 이용

root@bsd11:~ # pw user add test -m

– 유저명 test 를 만들고 홈디렉토리 생성

root@bsd11:~ # passwd test

– test 유저의 비밀번호 생성

root@bsd11:~ # pw user del test -r

– test 유저 삭제및 홈디렉토리 까지 삭제

 

 

 

FreeBSD Network

linux 의 경우 /etc/sysconfig/network-scripts/ifcfg-ethX 및 /etc/network/interfaces 파일을 변경 하여 셋팅 합니다.
FreeBSD 의 경우 /etc/rc.conf 설정으로 변경 할수 있습니다.

/etc/rc.conf 로 변경 할수 있는것들

1. hostname
2. network ip 정보
3. Daemon 의 enable / Disable

등을 변경 할수 있습니다.

 

root@bsd11:~ # cat /etc/rc.conf
sendmail_enable=”NONE”
hostname=”bsd11″
keymap=”us.iso.kbd”
ifconfig_em0=”DHCP”
sshd_enable=”YES”
ntpd_enable=”YES”
# Set dumpdev to “AUTO” to enable crash dumps, “NO” to disable
dumpdev=”AUTO”
root@bsd11:~ #

 

IP 정보의 경우 알고 계신것처럼 DHCP 및 Static 으로 설정 하여 사용할수 있습니다.

DHCP 설정의 경우 아래와 같이 설정 합니다.

ifconfig_em0=”DHCP”

Static 의 경우 defaultrouter 설정도 필요 합니다.

ifconfig_em0=”inet 192.168.8.30 netmask 255.255.255.0″
defaultrouter=”192.168.8.1″

 

라우팅 정보의 경우 netstat -r 로 확인 하실수 있습니다.

root@bsd11:~ # netstat -r
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 192.168.8.2 UGS em0
localhost link#2 UH lo0
192.168.8.0/24 link#1 U em0
192.168.8.138 link#1 UHS lo0

Internet6:
Destination Gateway Flags Netif Expire
::/96 localhost UGRS lo0
localhost link#2 UH lo0
::ffff:0.0.0.0/96 localhost UGRS lo0
fe80::/10 localhost UGRS lo0
fe80::%lo0/64 link#2 U lo0
fe80::1%lo0 link#2 UHS lo0
ff02::/16 localhost UGRS lo0
root@bsd11:~ #