MOTOSHARE 🚗🏍️
Turning Idle Vehicles into Shared Rides & Earnings
From Idle to Income. From Parked to Purpose.
Earn by Sharing, Ride by Renting.
Where Owners Earn, Riders Move.
Owners Earn. Riders Move. Motoshare Connects.
With Motoshare, every parked vehicle finds a purpose.
Owners earn. Renters ride.
🚀 Everyone wins.
Source – opensourceforu.com
Cacti is written in PHP and uses the MySQL database as a backend. It uses the RRDtool (Round-Robin Database tool) to handle time series data and has built-in SNMP support. Cacti has been released under the GNU General Public License.
Figure 1: Licence agreement
Setting up Cacti
We will use a CentOS 6.8 virtual machine (VM) running on KVM to set up Cacti. Just for this demonstration, we will disable SELinux. You will need to set the following in /etc/selinux/config and reboot the VM:
SELINUX=disabled |
When used in production, it is essential that you enable SELinux. You should then test for Internet connectivity from within the VM.
The Ansible version used on the host Parabola GNU/Linux-libre x86_64 is 2.2.1.0. The ansible/inventory/kvm/ directory structure is shown below:
ansible/inventory/kvm/inventoryansible/inventory/kvm/group_vars/all/all.yml |
The IP address of the guest CentOS 6.8 VM is provided in the inventory file as shown below:
centos ansible_host=192.168.122.98 ansible_connection=ssh ansible_user=root ansible_password=password |
Add an entry for ‘centos’ in the /etc/hosts file as indicated below:
192.168.122.98 centos |
The contents of the all.yml for use with the playbook are as follows:
---mysql_cacti_password_hash: "{{ vault_mysql_cacti_password_hash }}"mysql_username: "{{ vault_mysql_user }}"mysql_password: "{{ vault_mysql_password }}" |
The Cacti.yml playbook is located in the ansible/playbooks/configuration folder.
Figure 2: Pre-installation checks
Figure 3: Installation type
Vault
Ansible provides the Vault feature, which allows you to store sensitive information like passwords in encrypted files. You can set the EDITOR environment variable to the text editor of your choice, as shown below:
$ export EDITOR=nano |
In order to store our MySQL database credentials, we will create a vault.yml file as indicated below:
$ ansible-vault create inventory/kvm/group_vars/all/vault.yml |
Provide a password when prompted, following which, the Nano text editor will open. You can enter the following credentials and save the file:
---vault_mysql_cacti_password_hash: "*528573A4E6FE4F3E8B455F2F060EB6F63ECBECAA"vault_mysql_user: "cacti"vault_mysql_password: "cacti123" |
You can edit the same file, if you wish, using the following command:
$ ansible-vault edit inventory/kvm/group_vars/all/vault.yml |
It will prompt you for a password, and on successful authentication, your text editor will open with the decrypted file contents for editing.
Apache
Cacti has many dependency packages, and the first software that we will install is the Apache HTTP server.
---- name: Install web serverhosts: centosgather_facts: truetags: [httpd]tasks:- name: Update the software package repositoryyum:name: '*'update_cache: yes- name: Install HTTP packagespackage:name: "{{ item }}"state: latestwith_items:- wget- nano- httpd- httpd-devel- name: Start the httpd serverservice:name: httpdstate: started- wait_for:port: 80 |
A ‘yum update’ is first performed to sync with the package repositories. The httpd Web server and a few other packages are then installed. The server is started, and the Ansible playbook waits for the server to listen on port 80.
MySQL and PHP
The MySQL, PHP and RRDTool packages are then installed, following which the SNMP and MySQL servers are started as shown below:
- name: Install MySQL, PHP packageshosts: centosbecome: yesbecome_method: sudogather_facts: truetags: [database-web]tasks:- name: Install database/web packagespackage:name: "{{ item }}"state: latestwith_items:- mysql- mysql-server- MySQL-python- php-mysql- php-pear- php-common- php-gd- php-devel- php- php-mbstring- php-cli- php-process- php-snmp- net-snmp-utils- net-snmp-libs- rrdtool- name: Start snmpd serverservice:name: snmpdstate: started- name: Start mysqld serverservice:name: mysqldstate: started- wait_for:port: 3306 |
Figure 4: Binary location and version
Figure 5: Directory permission checks
Cacti
Cacti is available in the EPEL repository for CentOS. The GPG key for the CentOS repositories is enabled before installing the EPEL repository. A‘yum update’ is performed and the Cacti package is installed. A Cacti user is then created in the MySQL database.
- name: Install Cactihosts: centosbecome: yesbecome_method: sudogather_facts: truetags: [cacti]tasks:- name: Import EPEL GPG keyrpm_key:key: http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6state: present- name: Add YUM repoyum_repository:name: epeldescription: EPEL YUM repobaseurl: https://dl.fedoraproject.org/pub/epel/$releasever/$basearch/gpgcheck: yes- name: Update the software package repositoryyum:name: '*'update_cache: yes- name: Install cactipackage:name: "{{ item }}"state: latestwith_items:- cacti- name: Create cacti database usermysql_user:name: cactipassword: "{{ mysql_cacti_password_hash }}"encrypted: yespriv: '*.*:ALL,GRANT'state: present |
Fixing a bug
The time zone data is missing in this MySQL version (5.1.73-8). In order to resolve this bug, the mysql_test_data_timezone.sql file needs to be imported and the ‘cacti’ user needs to be given the SELECT privilege to do this.
- name: For bug https://github.com/Cacti/cacti/issues/242hosts: centosbecome: yesbecome_method: sudogather_facts: truetags: [bug]tasks:- name: Import mysql_test_data_timezone.sqlmysql_db:state: importname: mysqltarget: /usr/share/mysql/mysql_test_data_timezone.sql- name: Grant privilegesmysql_user:name: cactiappend_privs: truepriv: 'mysql.time_zone_name:SELECT'state: present |
It is a good practice to have a separate playbook for such exceptional cases. In future, when you upgrade to newer versions that have bug fixes, you can simply skip this step.
Figure 6: Template set-up
Figure 7: User login
Configuration
The last step involves configuring Cacti.
- name: Configurationhosts: centosbecome: yesbecome_method: sudogather_facts: truetags: [config]tasks:- name: Create a database for cactimysql_db:name: cactistate: present- name: Import cacti.sqlmysql_db:state: importname: cactitarget: /usr/share/doc/cacti-1.0.4/cacti.sql- name: Update database credentials in config filelineinfile:dest: /etc/cacti/db.phpregexp: “{{ item.regexp }}”line: “{{ item.line }}”with_items:- { regexp: ‘^\$database_username’, line: “$database_username = ‘{{ mysql_username }}’;” }- { regexp: ‘^\$database_password’, line: “$database_password = ‘{{ mysql_password }}’;” }- name: Allow port 80shell: iptables -I INPUT 5 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT- name: Update access in cacti.conf for httpdreplace:dest: /etc/httpd/conf.d/cacti.confregexp: “{{ item.regexp }}”replace: “{{ item.replace }}”with_items:- { regexp: ‘Require host localhost’, replace: ‘Require all granted’ }- { regexp: ‘Allow from localhost’, replace: ‘Allow from all’ }- lineinfile:dest: /etc/cron.d/cactiregexp: ‘^#(.*)$’line: ‘\1’backrefs: yes- name: Start mysqld serverservice:name: mysqldstate: restarted- wait_for:port: 3306- name: Start the httpd serverservice:name: httpdstate: restarted- wait_for:port: 80 |
A database called ‘cacti’ is created for the application, and the cacti.sql file is imported into it. The database credentials are updated for the Cacti application. The firewall rules are then updated to allow incoming HTTP requests for port 80. The periodic cron poller is then enabled in /etc/cron.d/cacti:
*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1 |
The MySQL and HTTP servers are then restarted.
Figure 8: Changing the password
Figure 9: Cacti Web UI
The result
The entire playbook can now be invoked as follows:
$ ansible-playbook -i inventory/kvm/inventory playbooks/configuration/cacti.yml --ask-vault-pass |