Setup and Install GLPI on CentOS 7

  • Setup and Install GLPI on CentOS 7

Setup and Install GLPI on CentOS 7

What is GLPI?:

GLPI is an open source information resource-manager . GLPI can be used to build up a database with an inventory for your companies technology infrastructure(computers, software, printers…). It has enhanced functions to make the daily life for the administrators easier, such as a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology. Needless to say GLPI is a very handy tool that is becoming more and more popular with IT departments.

Personally I have installed and used GLPI in many ways included having it as a inventory system for all my belongings at home. Though one thing I noticed was that an all-in-one installation guide did not exist that was simple and easy to understand. So in this article my goal is to go over how to install GLPI from the beginning to the end.

Environment Overview and Prerequisites:

  • CentOS 7 minimal install
    • Extra packages:
  • Web Server
    • Required:
      • Apache (httpd)
  • Database
    • Required:
      • Mariadb-server and mariadb
  • PHP
    • Required:
      • php, php-mysql, php-pdo, php-mbstring
    • Extra Packages:
      • php-gd, php-imap, php-ldap

For this guide I will be using CentOS 7 minimal 1611 with extra repositories (epel-release). Also listed are some of the packages you will need to install as well as some extra ones.  I will do my best to explain what each package and command does so that you have a better understanding of what you are going to be installing.

Initial Setup:
(For this guide I will be doing all my configurations via an ssh connection.)

To start you will need to open an ssh session to your CentOS 7 machine, if you are on windows you can use putty to achieve this. Once you are logged into your system run the following commands:

yum -y install epel-release
  • Command Explanation
    • Extra packages for enterprise Linux or epel is a special interest group from fedora that creates and maintains addition sets of packages for RHEL, SL and other Linux distros.
yum -y install net-tools vim wget
  • Command Explanation
    • net-tools
      • This command installs and allows for the use of the ifconfig command.
    • vim
      • A highly configurable text editor also known as vi.
    • wget
      • Program that can be used to retrieve content from web pages.

Prerequisites Setup:

(Please note that we will download GLPI right now but will not use right away. That will come later in the guide.)

Lets get started by downloading and installing some of you prerequisites.

wget https://github.com/glpi-project/glpi/releases/download/9.1.2/glpi-9.1.2.tgz
  • Command Explanation
    • wget
      • This command tell the system to download a package from a web address
        • Example: ‘mysite.com/mypackage.tgz’
yum -y install http php php-mysql php-pdo php-gd php-mbstring php-imap php-ldap mariadb-server mariadb
  • Command Explanation
    • http
      • Apache web server used for displaying websites
    • php
    • php-mysql php-pdo php-gd php-mbstring php-imap php-ldap
      • Extra PHP packages that allow for database communications, graph display, email…etc
    • mariadb-server and mariadb
      • Mariadb is a popular open source version of MySQL.

Once you have your packages installed it is time start configuring the services. Lets begin by allowing the system to host a website with Apache.

firewall-cmd --permanent --add-service=http
firewall-cmd --reload
  • Command Explanation
    • This command adds a persistent rule to your firewall to allow http traffic ie port 80 to your system.

Next we will enable our services to auto start

systemctl enable httpd
systemctl enable mariadb
  • Command Explanation
    • enable allows the service to auto start when the system comes online. Is persistent across reboots.

Next go ahead and start your web server and database

systemctl start httpd
systemctl start mariadb
  • Command Explanation
    • start does like it sounds, it turns the services on

Database Setup and Configurations:

Before we can start our GLPI installation we will need to configure the database.

mysql_secure_installation
  • Command Explanation
    • This will start an initial configuration screen for mariadb
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): ## Press Enter ##
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] ## Press Enter ##
New password: ## Enter new password ##
Re-enter new password: ## Re-enter new password ##
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] ## Press Enter ##
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] ## Press Enter ##
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] ## Press Enter ##
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] ## Press Enter ##
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Now we can prep our GLPI database and sa(SA= service account). Login into your database using the username and password you specified earlier during the initial configuration.

mysql -u root -p
create database glpi;
CREATE USER 'SAYOURUSER'@'localhost' IDENTIFIED BY 'YOURPASSWORD';
GRANT ALL PRIVILEGES ON glpi. * TO 'SAUSERNAME'@'localhost' IDENTIFIED BY 'YOURPASSWORD';
FLUSH PRIVILEGES;
  • Command Explanation
    • CREATE DATABASE
      • Creates a database in mariadb
    • CREATE USER
      • Creates a user in mariadb on the localhost who is identified by a password
    • GRANT ALL PRIVILEGES
      • Grants all permissions on a database . table to a specific user identified by a password
    • FLUSH PRIVILEGES
      • Reloads all permissions for your mariadb database

Setup and Install GLPI:

Now remember the GLPI package we download earlier? Locate the GLPI package and run the following commands on it.

tar -xvf glpi-9.1.2.tgz
  • Command Explanation
    • TAR is a archive program
      • -xvf means to verbosely extract ‘file.tgz’

Now you should have a file called glpi in the same folder as you extracted it. You will need to copy the entire folder to your web directory. In CentOS that is located at /var/www/html

cp -R glpi /var/www/html
  • Command Explanation
    • CP means to copy the file or folder
      • -R means to recursively copy

Now since we are installing GLPI from its source, the permissions get a little funky.  The first thing we are going to do is to assign the correct user and permissions for our GLPI folder.

chmod -R 755 /var/www/html/glpi
chown -R apache:apache /var/www/html/glpi
  • Command Explanation
    • chmod
      • The system used to change access permissions to file object
      • -R is recursive for everything
      • 755 permission types for owner, group, and other
  • Command Explanation
    • chown
      • Changing the owner and group for a file or folder
      • -R is recursive for everything
      • apache:apache is the owner/group
  • So you may be thinking well that wasn’t so hard and you are right. Those commands are in the GLPI documentation though the following commands are not, which can and will stop this install in its tracks if you do not run them! Also please note if someone tells you to disable SELinux you stop and slap them in the face. SELinux is a great security tool that can be a last line of defense if your system was ever to become compromised. Yes SELinux can be hard to learn at first but it is worth it.

    chcon -R -t httpd_sys_rw_content_t /var/www/html/glpi/
    • Command Explanation
      • chcon
        • Changes the SELinux context for files.
          • -R is recursive
          • -t is the context type
          • httpd_sys_rw_content_t is the type meaning the file can be accessed from the internet.
    setsebool -P httpd_can_network_connect 1
    setsebool -P httpd_can_network_connect_db 1</span>
    setsebool -P httpd_can_sendmail 1
    • Command Explanation
      • setsebool
        • SELinux policy rules
        • -P persistent across reboots
        • httpd_can_xxx_xxx 1, boolean type and 1 to turn on

    Finish GLPI Installtion via Web Interface:

    The rest of the installation is very simple and easy to do. Please take a look that the pictures below to finish getting your GLPI installation up and running.

    This slideshow requires JavaScript.

    This slideshow requires JavaScript.

    Thoughts?:

    Thank you for taking the time to read this article I hope that it was helpful in some way to you. If you noticed anything wrong or have a better way of doing this please don’t hesitate to comment below or send me a email. Thank you!

    References:


    celeriummind-logo

    Leave a Reply