initial commit of file from CVS for smeserver-cacti on Sat Sep 7 20:12:27 AEST 2024

root/etc/e-smith/db/accounts/defaults/cacti/comment

@@ -0,0 +1 @@
+Placeholder for cacti URL

root/etc/e-smith/db/accounts/defaults/cacti/type

@@ -0,0 +1 @@
+url

root/etc/e-smith/db/configuration/defaults/cacti/DbDatabase

@@ -0,0 +1 @@
+cacti_sme

root/etc/e-smith/db/configuration/defaults/cacti/DbUser

@@ -0,0 +1 @@
+cacti

root/etc/e-smith/db/configuration/defaults/cacti/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/cacti/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/cacti/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/migrate/80cacti

@@ -0,0 +1,72 @@
+{
+    use MIME::Base64 qw(encode_base64);
+
+    my $service;
+    my $rec;
+    my $pw;
+
+    # Store the cacti password in the configuration database (if not already there)
+    $service = 'cacti';
+
+    $rec = $DB->get($service) || $DB->new_record($service, {type => 'service'});
+
+    $pw = $rec->prop('DbPassword');
+    
+
+	if (! $pw)
+    	{
+		
+		if ( open( RANDOM, "/dev/urandom" ) )
+	    	{
+        		my $buf;
+		        # 57 bytes is a full line of Base64 coding, and contains
+		        # 456 bits of randomness - given a perfectly random /dev/random
+	       		if ( read( RANDOM, $buf, 57 ) != 57 )
+	        	{
+	        	    warn("Short read from /dev/random: $!");
+	        	}
+	        	else
+	        	{
+	            		$pw = encode_base64($buf);
+	        	    chomp $pw;
+	        	}
+	        	close RANDOM;
+	    	}
+	    	else
+	    	{
+	    	    warn "Could not open /dev/urandom: $!";
+	    	}
+		
+	    	$rec->set_prop('DbPassword', $pw);
+	}
+    $pwa = $rec->prop('AdminPassword');
+        if (! $pwa)
+        {
+
+                if ( open( RANDOM, "/dev/urandom" ) )
+                {
+                        my $buf;
+                        # 57 bytes is a full line of Base64 coding, and contains
+                        # 456 bits of randomness - given a perfectly random /dev/random
+                        if ( read( RANDOM, $buf, 15 ) != 15 )
+                        {
+                            warn("Short read from /dev/random: $!");
+                        }
+                        else
+                        {
+                                $pwa = encode_base64($buf);
+                            chomp $pwa;
+                        }
+                        close RANDOM;
+                }
+                else
+                {
+                    warn "Could not open /dev/urandom: $!";
+                }
+
+                $rec->set_prop('AdminPassword', $pwa);
+        }
+
+
+
+}

root/etc/e-smith/events/actions/cacti-conf

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+#easy configuration of what is needed for cacti to work correctly
+something=0;
+psomething=0;
+#check if something already set, if not let's do it
+
+/sbin/e-smith/config getprop mariadb TmpTableSize 1>/dev/null || ( config setprop mariadb TmpTableSize 32M ; echo "setting mariadb TmpTableSize 32M" ; something=1)
+/sbin/e-smith/config getprop mariadb MaxHeapTableSize 1>/dev/null || ( config setprop mariadb MaxHeapTableSize 32M ; echo "setting mariadb MaxHeapTableSize 32M" ; something=1)
+/sbin/e-smith/config getprop mariadb JoinBufferSize 1>/dev/null || ( config setprop mariadb JoinBufferSize 62M ; echo "setting mariadb JoinBufferSize 62M" ; something=1)
+
+#/sbin/e-smith/config getprop php74 MemoryLimit  1>/dev/null || ( config setprop  php74 MemoryLimit 800M ; echo "setting php74 memory_limit 800M" ; psomething=1)
+# install detect cli for php not php74 even if $php_path is set
+
+#[ $something == 1 ] && /sbin/e-smith/expand-template /etc/my.cnf
+#[ $psomething == 1 ] && /usr/sbin/e-smith/expand-template /etc/opt/remi/php74/php.ini && /usr/bin/systemctl restart php74-php-fpm.service 

root/etc/e-smith/events/actions/cacti-install

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# move to cli dir
+cd /usr/share/cacti/cli
+
+#install, we put away, it fails in the temp event in yum at first, so here is a dirty hack
+/usr/bin/php install_cacti.php &    
+pids=$!; sleep 3; kill -9 $pids;
+/usr/bin/php install_cacti.php  --accept-eula --install  || exit 0
+
+#TODO:
+#--automationmode
+#--automationrange with LAN if server-gateway; or only interface if server only
+#--lang (using an array between cacti option and system language)
+# using this to set ldap ? --ldap:dn:...
+# do we need a --mode=upgrade and a --mode=install 
+
+db=$(config getprop cacti DbDatabase || echo 'cacti_sme');
+user=$(config getprop cacti DbUser || echo 'cacti');
+pass=$(config getprop cacti DbPassword || echo 'changeme');
+adminpass=$(config getprop cacti AdminPassword || echo 'changeme');
+domain=$(config get DomainName)
+DN=$(perl  -Mesmith::util  -e "print esmith::util::ldapBase(\"$domain\");")
+
+# set ldap auth with optional group
+# ldap_group_require     'on' or '': user will enable if needed.
+# then set our admin password
+/usr/bin/mysql <<EOF
+REPLACE INTO ${db}.settings VALUES ('ldap_group_attrib','memberUid') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_group_dn','uid=cactigroup,ou=Groups,$DN') ;
+
+REPLACE INTO ${db}.settings VALUES ('ldap_tls_certificate','0') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_version','3') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_server','localhost') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_search_filter','objectClass=inetOrgPerson') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_search_base','ou=Users,$DN') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_referrals','0') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_port_ssl','636') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_port','389') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_mode','0') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_encryption','0') ;
+REPLACE INTO ${db}.settings VALUES ('ldap_dn','uid=<username>,ou=Users,$DN') ;
+REPLACE INTO ${db}.settings VALUES ('auth_method','3') ;
+REPLACE INTO ${db}.settings VALUES ('cn_full_name','cn') ;
+REPLACE INTO ${db}.settings VALUES ('cn_email','mail') ;
+REPLACE INTO ${db}.settings VALUES ('path_php_binary','/usr/bin/php74') ;
+
+REPLACE INTO ${db}.settings VALUES ('user_template','3');
+
+# set password of admin
+UPDATE ${db}.user_auth SET email_address='admin@${domain}', must_change_password='',password=md5('$adminpass'), enabled='on'  WHERE username='admin' and id='1';
+EOF
+

root/etc/e-smith/templates.metadata/etc/cacti/db.php

@@ -0,0 +1,3 @@
+UID="root"
+GID="www"
+PERMS=0640

root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/80cacti

@@ -0,0 +1 @@
+PERMS=0540

root/etc/e-smith/templates/etc/cacti/db.php/10DB

@@ -0,0 +1,54 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004 Ian Berry                                            |
+ |                                                                         |
+ | This program is free software; you can redistribute it and/or           |
+ | modify it under the terms of the GNU General Public License             |
+ | as published by the Free Software Foundation; either version 2          |
+ | of the License, or (at your option) any later version.                  |
+ |                                                                         |
+ | This program is distributed in the hope that it will be useful,         |
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of          |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
+ | GNU General Public License for more details.                            |
+ +-------------------------------------------------------------------------+
+ | cacti: a php-based graphing solution                                    |
+ +-------------------------------------------------------------------------+
+ | Most of this code has been designed, written and is maintained by       |
+ | Ian Berry. See about.php for specific developer credit. Any questions   |
+ | or comments regarding this code should be directed to:                  |
+ | - iberry@raxnet.net                                                     |
+ +-------------------------------------------------------------------------+
+ | - raXnet - http://www.raxnet.net/                                       |
+ +-------------------------------------------------------------------------+
+*/
+
+/* make sure these values refect your actual database/host/user/password */
+$database_type = "mysql";
+$database_default = "{$cacti{'DbDatabase'}}";
+$database_hostname = "localhost";
+$database_username = "{$cacti{'DbUser'}}";
+$database_password =  "{$cacti{'DbPassword'}}";
+$database_port = "3306";
+
+/* 
+ * Server is a remote poller, then these entries point to
+ * the main cacti server. Otherwise, these variables have no use and
+ * must remain commented out.
+ */
+
+#$rdatabase_type     = 'myql';
+#$rdatabase_default  = 'cacti';
+#$rdatabase_hostname = 'localhost';
+#$rdatabase_username = 'cactiuser';
+#$rdatabase_password = 'cactiuser';
+#$rdatabase_port     = '3306';
+#$rdatabase_retries  = 5;
+#$rdatabase_ssl      = false;
+#$rdatabase_ssl_key  = '';
+#$rdatabase_ssl_cert = '';
+#$rdatabase_ssl_ca   = '';
+
+
+

root/etc/e-smith/templates/etc/cacti/db.php/12poller_id

@@ -0,0 +1,7 @@
+/*
+ * The poller_id of this system.  set to `1` for the main cacti web server.
+ * Otherwise, you this value should be the poller_id for the remote poller.
+ */
+
+$poller_id = 1;
+

root/etc/e-smith/templates/etc/cacti/db.php/15urlpath

@@ -0,0 +1,9 @@
+/*
+ * Set the $url_path to point to the default URL of your cacti install.
+ * For exmaple if your cacti install as at `https://serverip/cacti/` this
+ * would be set to `/cacti/`.
+ */
+
+$url_path = '/cacti/';
+
+

root/etc/e-smith/templates/etc/cacti/db.php/25session

@@ -0,0 +1,19 @@
+/*
+ * Default session name - session name must contain alpha characters
+ */
+
+$cacti_session_name = 'Cacti';
+
+/*
+ * Default Cookie domain - The cookie domain to be used for Cacti
+ */
+
+//$cacti_cookie_domain = 'cacti.net';
+
+/*
+ * Save sessions to a database for load balancing
+ */
+
+$cacti_db_session = false;
+
+

root/etc/e-smith/templates/etc/cacti/db.php/30log

@@ -0,0 +1,6 @@
+/*
+ * Disable log rotation settings for packagers
+ */
+
+$disable_log_rotation = true;
+

root/etc/e-smith/templates/etc/cacti/db.php/40input

@@ -0,0 +1,18 @@
+/*
+ * Optional parameters to define scripts and resource paths. These
+ * variables become important when using remote poller installs when the
+ * scripts and resource files are not in the main Cacti web server path.
+ */
+
+//$scripts_path = '/var/www/html/cacti/scripts';
+//$resource_path = '/var/www/html/cacti/resource/';
+
+/*
+ * Optional parameter to define a data input whitelist command string. This
+ * whitelist file will help protect cacti from unauthorized changes to Cacti
+ * data input command string.
+ */
+
+//$input_whitelist = '/usr/local/etc/cacti/input_whitelist.json';
+
+

root/etc/e-smith/templates/etc/cacti/db.php/50php

@@ -0,0 +1,6 @@
+/*
+ * Optional parameter to give explicit path to PHP
+ */
+$php_path = '/usr/bin/php74';
+
+

root/etc/e-smith/templates/etc/cacti/db.php/60snmp

@@ -0,0 +1,8 @@
+/*
+ * Optional parameter to disable the PHP SNMP extension. If not set, defaults
+ * to class_exists('SNMP').
+ */
+
+//$php_snmp_support = false;
+
+

root/etc/e-smith/templates/etc/cacti/db.php/70csrf

@@ -0,0 +1,8 @@
+/*
+ * Optional parameter to define the path of the csrf_secret.php path.  This
+ * variable is for packagers who wish to specify an alternate location of
+ * the CRSF secret file.
+ */
+
+$path_csrf_secret = '/var/lib/cacti/csrf/csrf-secret.php';
+

root/etc/e-smith/templates/etc/cacti/db.php/90DEBUG

@@ -0,0 +1,30 @@
+/*
+ * The following are optional variables for debugging low level system
+ * functions that are generally only used by Cacti Developers to help
+ * identify potential issues in commonly used functions
+ *
+ * To use them, uncomment and the equivalent field will be set in the
+ * $config variable allowing for instant on but still allowing the
+ * ability to fine turn and turn them off.
+ */
+
+/*
+ * Debug the read_config_option program flow
+ */
+# define('DEBUG_READ_CONFIG_OPTION', true);
+
+/*
+ * Automatically suppress the DEBUG_READ_CONFIG_OPTION
+ */
+# define('DEBUG_READ_CONFIG_OPTION_DB_OPEN', true);
+
+/*
+ * Always write the SQL command to the cacti log file
+ */
+# define('DEBUG_SQL_CMD', true);
+
+/*
+ * Debug the flow of calls to the db_xxx functions that
+ * are defined in lib/database.php
+ */
+# define('DEBUG_SQL_FLOW', true);

root/etc/e-smith/templates/etc/cacti/db.php/95end

@@ -0,0 +1 @@
+?>

root/etc/e-smith/templates/etc/crontab/86cacti

@@ -0,0 +1,11 @@
+# cacti poller:
+{
+if ($cacti{'status'} eq "enabled")
+	{
+	$OUT .="*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2> /dev/null &\n";
+	}
+else
+	{
+	 $OUT .="# cacti disabled";
+	}
+}

root/etc/e-smith/templates/etc/e-smith/sql/init/80cacti

@@ -0,0 +1,34 @@
+{
+    my $db = $cacti{DbDatabase} || 'cacti_sme';
+    my $user = $cacti{DbUser} || 'cacti';
+    my $pass = $cacti{DbPassword} || 'changeme';
+    $OUT .= <<END
+#!/bin/bash
+    if [ -d /var/lib/mysql/$db ]; then
+      /usr/bin/mysql <<EOF
+    use $db;
+    use mysql;
+    ALTER DATABASE $db  COLLATE = 'utf8mb4_unicode_ci';
+    GRANT ALL PRIVILEGES ON $db.* TO $user\@localhost
+            IDENTIFIED BY '$pass';
+    GRANT SELECT ON mysql.time_zone_name TO '$user'\@'localhost';
+    flush privileges;
+EOF
+
+
+      exit
+    fi
+    /usr/bin/mysql <<EOF
+    CREATE DATABASE $db DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+    use $db;
+    use mysql;
+    GRANT ALL PRIVILEGES ON $db.* TO $user\@localhost
+            IDENTIFIED BY '$pass';
+    GRANT SELECT ON mysql.time_zone_name TO '$user'\@'localhost';
+    flush privileges;
+EOF
+    /usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo/ 2>/dev/null |/usr/bin/mysql mysql
+    /usr/bin/mysql $db < \$(rpm -ql cacti|grep cacti.sql) 
+    #/usr/bin/mysql $db < /etc/e-smith/db/configuration/migrate/80cacti_sme.sql
+END
+}

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/86Cacti

@@ -0,0 +1,23 @@
+
+# Cacti template
+Alias /cacti    /usr/share/cacti
+<Directory /usr/share/cacti>
+    SSLRequireSSL 
+    Options -Indexes
+    AllowOverride None
+    Require { (($cacti{'access'} ||"private") eq "public") ? "all granted" : "ip $localAccess $externalSSLAccess"; } 
+    AddType application/x-httpd-php .php
+    <FilesMatch \.php$ >
+      SetHandler "proxy:unix:/var/run/php-fpm/php74-cacti.sock|fcgi://localhost"
+    </FilesMatch>
+</Directory>
+
+
+
+<Directory /usr/share/cacti/log>
+     Require all denied
+</Directory>
+<Directory /usr/share/cacti/rra>
+     Require all denied
+</Directory>
+							

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30Cacti

@@ -0,0 +1,9 @@
+{
+
+    if ($port eq "80") 
+    {
+        $OUT = '    RewriteRule ^/cacti(/.*|$)    https://%{HTTP_HOST}/cacti$1 [L,R]';
+    } else {
+        $OUT = '    Alias /cacti /usr/share/cacti';
+    }
+}

root/etc/e-smith/templates/etc/my.cnf/098cacti

@@ -0,0 +1,5 @@
+[mariadb-5.5]
+#for cacti use
+innodb_buffer_pool_size=483M
+innodb_additional_mem_pool_size=80M
+innodb_flush_log_at_trx_commit=2

root/etc/e-smith/templates/etc/php-fpm.d/www.conf/15cacti

@@ -0,0 +1,68 @@
+{
+
+if ($PHP_VERSION eq '74'){
+  if (($cacti{'status'} || 'disabled') eq 'enabled'){
+    my $max_upload_size = ($cacti{MaxUploadSize} || '4096');
+    $max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
+    my $memory_limit = ($cacti{MemoryLimit} || '500M');
+    $memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
+    my $open_basedir= $cacti{PHPBaseDir} || '';
+    $open_basedir = "/tmp/:/share/:/var/log/cacti:/etc/cacti/db.php:/usr/share/cacti:/var/lib/cacti:/var/log/cacti.log:/var/lib/php/cacti:/home/e-smith/files/cacti:/dev/urandom:/proc/meminfo:$open_basedir";
+    my $id = 'cacti';
+    my $max_children = $cacti{'PHPmaxChildren'} || 20;
+    my $min_spare_servers = $cacti{'PHPminServers'} || 4;
+    my $start_servers = $cacti{'PHPstartServers'} || 6;
+    my $max_spare_servers = $cacti{'PHPmaxServers'} || 8;
+    my $max_requests = $cacti{'PHPmaxRequests'} || 1000;
+    $min_spare_servers = ( $min_spare_servers > $max_spare_servers ) ? printf("%.0f",$max_spare_servers/2) : $min_spare_servers;
+    $start_servers = ( $start_servers > $max_spare_servers ) ? printf("%.0f", $max_spare_servers /2 +  $min_spare_servers/2  ) : $start_servers;
+
+    $OUT .=<<_EOF;
+
+[php$PHP_VERSION-$id]
+user = www
+group = www
+listen.owner = root
+listen.group = www
+listen.mode = 0660
+listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
+pm = dynamic
+pm.max_children = $max_children
+pm.start_servers = $start_servers
+pm.min_spare_servers = $min_spare_servers
+pm.max_spare_servers = $max_spare_servers
+pm.max_requests = $max_requests
+php_admin_value[session.save_path] = /var/lib/php/$id/session
+php_admin_value[session.gc_maxlifetime] = 86400
+;php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
+php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
+php_admin_value[error_log] = /var/log/php/$id/error.log
+slowlog = /var/log/php/cacti/slow.log
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
+php_admin_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = $memory_limit
+php_admin_value[max_execution_time] = 3600
+php_admin_value[post_max_size] = $max_upload_size
+php_admin_value[upload_max_filesize] = $max_upload_size
+;php_admin_value[disable_functions] = system, show_source, symlink, dl, passthru, phpinfo, escapeshellarg, escapeshellcmd
+;php_admin_value[open_basedir] = $open_basedir
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_upload] = on
+;php_admin_flag[session.cookie_httponly] = on
+;php_admin_flag[allow_url_include] = off
+;php_admin_value[session.save_handler] = files
+;php_admin_flag[output_buffering] = off
+
+_EOF
+
+  }
+  else{
+    $OUT .= '; Cacti is disabled';
+  }
+}
+}
+
+
+