Grafana Installation\OracleLinux

From r00tedvw.com wiki
Jump to: navigation, search

Ubuntu Installation | OracleLinux Installation

Contents

Overview

Grafana Installation on Oracle Linux 6.8

Network Config

If you installed the basic package, most likely the NIC is not configured for DHCP. try:

User ~ $ system-config-network

Once DHCP is configured, the next step is to restart the NIC.

User ~ $ ifdown eth0
User ~ $ ifup eth0
 
Determining IP information for eth0... done.
User ~ $ifconfig eth0

Make sure your hostname is defined in /etc/sysconfig/network

HOSTNAME=server.fqdn.com

Also for the network config, put your FQDN in the hosts file @ /etc/hosts

127.0.0.1   server.fqdn.com
::1   server.fqdn.com
OR
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
ip.address	fqdn.hostname

connect on boot

By default the network interface comes turned off on boot.

~$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0c:29:4f:09:c8
TYPE=Ethernet
UUID=5eed1f7e-74da-4841-b03b-3d4cc0812ade
ONBOOT=no
NM_CONTROLLED=yes
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
IPV6INIT=no

Change it so it automatically starts and connects on boot

ONBOOT=yes

Sudoers Config

Personally I prefer to use a group for sudoer management. Specify a unique UID so that it will be the same on all servers (manually dictate).

# groupadd -g <unique UID> sudo

Now we can add the group to the sudoers file

# visudo
Add the following under the entry for root

## Allows members of the 'sudo' group to run all commands anywhere
%sudo     ALL=(ALL)          ALL

Add new user(s) and make them a part of the new sudo group

# useradd -G sudo -u <unique UID> user_a

Change the password of the user

# passwd <username>

SSH Config

With Oracle Linux 6.8, openssh should be installed by default, but if it isnt:

#yum install openssl openssh-server


Grafana Repo

Create a new repo file for grafana

~$ sudo vi /etc/yum.repos.d/grafana.repo
Add:
[grafana]
name=grafana
baseurl=https://packagecloud.io/grafana/stable/el/6/$basearch
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packagecloud.io/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

Update repo cache

~$ sudo yum makecache

Grafana, MySQL, Apache2 Installation

Now lets install grafana and the other required packages

~$ sudo yum install grafana mysql-server httpd

Start grafana

~$ sudo service grafana-server start

Make grafana start at boot

~$ sudo /sbin/chkconfig --add grafana-server

MySQL Configuration

We already downloaded and installed mysql in the last step, so lets now configure it.
Make sure mysql is started.

~$ sudo service mysqld status
or
sudo service mysqld start 

setup the basics

~$ sudo mysql_secure_installation
Enter current password for root (enter for none): [enter]
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Add user and Database

~$ mysql -u root -p
~$ mysql> CREATE USER 'grafana'@'localhost' IDENTIFIED BY 'THISpasswordSHOULDbeCHANGED';
~$ mysql> CREATE DATABASE grafanadatabase;
~$ mysql> GRANT ALL PRIVILEGES ON grafana.* TO 'grafana'@'localhost' IDENTIFIED BY 'grafanauserpassword' WITH GRANT OPTION;
~$ mysql> exit

verify permissions have been granted

~$ mysql -u grafana -p
~$ mysql> SHOW GRANTS;
+---------------------------------------------------------------------------------------------------------------+
| Grants for grafana@localhost                                                                                   |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'grafana'@'localhost' IDENTIFIED BY PASSWORD '*2K21458K438UYE85A38B9Y7Y78DAEBF4T8689YK4' |
| GRANT ALL PRIVILEGES ON `grafanadatabase`.* TO 'grafana'@'localhost' WITH GRANT OPTION                          |
+---------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Configure Grafana

Edit /etc/grafana/grafana.ini and fill in the nessesary components.

~$ sudo vi /etc/grafana/grafana.ini

[database]
[database]
# Either "mysql", "postgres" or "sqlite3", it's your choice
type = mysql
host = 127.0.0.1:3306
name = grafanadatabase
user = grafana
password = grafanauserpassword

[server]
protocol = http
http_addr = 127.0.0.1
http_port = 3000
domain = grafana.domain.com
enforce_domain = true
root_url = %(protocol)s://%(domain)s/

[security]
admin_user = admin
admin_password = SecureAdminPass
secret_key = somelongrandomstringkey

Apache Config Prep

Before we can move on to the apache config, we need to make sure we can install the appropriate mods. If you have not added the epel repos, then you probably wont find these:

~$ sudo yum info mod_proxy_html
Loaded plugins: security, ulninfo
Error: No matching Packages to list

You can confirm you don't have the EPEL repos also:

~$ yum repolist
Loaded plugins: security, ulninfo
grafana                                                                                   14/14
repo id           repo name                                                               status
grafana           grafana                                                                     14
public_ol6_UEKR4  Latest Unbreakable Enterprise Kernel Release 4 for Oracle Linux 6Server    179
public_ol6_latest Oracle Linux 6Server Latest (x86_64)                                    36,466
repolist: 36,659

Adding EPEL repos

So let's add the EPEL repos:

~$ wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
~$ rpm -ivh epel-release-6-8.noarch.rpm
~$ yum repolist
Loaded plugins: security, ulninfo
epel/metalink                                                            |  13 kB     00:00     
epel                                                                     | 4.3 kB     00:00     
epel/primary_db                                                          | 5.9 MB     00:00     
repo id           repo name                                                               status
epel              Extra Packages for Enterprise Linux 6 - x86_64                          12,221
grafana           grafana                                                                     14
public_ol6_UEKR4  Latest Unbreakable Enterprise Kernel Release 4 for Oracle Linux 6Server    179
public_ol6_latest Oracle Linux 6Server Latest (x86_64)                                    36,466
repolist: 48,880

Installing mod_proxy_html

This mod, mod_proxy_html, contains both of the mods we need to add:

mod_proxy_html
mod_xml2enc

If you wanted to check this before installing, you could do:

$ sudo repoquery -l mod_proxy_html

/etc/httpd/conf.d/proxy_html.conf
/usr/lib64/httpd/modules/mod_proxy_html.so
/usr/lib64/httpd/modules/mod_xml2enc.so
/usr/share/doc/mod_proxy_html-3.1.2
/usr/share/doc/mod_proxy_html-3.1.2/COPYING
/usr/share/doc/mod_proxy_html-3.1.2/README

To install is simple:

~$ sudo yum install mod_proxy_html

Restart apache

~$ sudo service httpd restart

and check to verify the new mods are listed

~$ ls /etc/httpd/modules/
These should be listed:
mod_proxy_html.so
mod_xml2enc.so

There's no need to list a LoadModule entry for these in /etc/httpd/conf/httpd.conf because the package added /etc/httpd/conf.d/proxy_html.conf which contains both already.
httpd.conf should have an include statement to pull in all conf files from /etc/httpd/conf.d/*.conf like so:

Include conf.d/*.conf

Apache Config

make a backup of the default httpd.conf

~$ sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default

make sure that the following is in your httpd.conf and is NOT commented out

Include conf.d/*.conf

also in httpd.conf make sure to specify your host's name

ServerName server.fqdn.com

Make a new conf file just for this site under /etc/httpd/conf.d/
edit grafana.conf

~$ sudo vi /etc/httpd/conf.d/grafana.conf
add:
<VirtualHost *:80>
 	ProxyPreserveHost On
 	ProxyPass / http://127.0.0.1:3000/ retry=0 timeout=5
 	ProxyPassReverse / http://127.0.0.1:3000/
 	ServerName grafana.domain.com
       TransferLog logs/servername-access_log
       ErrorLog logs/servername-error_log
</VirtualHost>


NOTE: In order for the http reverse proxy feature to work, you MUST use a fqdn. You cannot use an IP address as the ServerName or Hostname

SELinux Allow

By default SELinux will block the reverse proxy from working. You'll see something like this:

~$ sudo vi /var/log/audit/audit.log
type=AVC msg=audit(1265039669.305:14): avc:  denied  { name_connect } for  pid=4343 comm="httpd" dest=7009 
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

To test and see if it's an issue with SELinux, you can do a quick test by setting it to permissive, which should maintain until the next reboot.

<nowik>~$ sudo setenforce permissive</nowiki>

If this does the trick, try being more specific

~$ /usr/sbin/setsebool httpd_can_network_connect 1

In order to fix this permanently, you can do

~$ /usr/sbin/setsebool -P httpd_can_network_connect 1

Or you can set SELinux to permissive across the board (semi-disabling)

~$ sudo vi /etc/sysconfig/selinux
Change
SELINUX=enforcing 
>>
SELINUX=permissive
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
2020 Election
Volkswagen
Covid
NCDMV
Toolbox