Installing iTop ITSM & CMDB on Centos 8 or Rocky Linux

iTop (IT Operational Portal) is an open source web-based product for automating enterprise IT departments and service providers. iTop is designed around ITIL / ITSM best practices and is flexible enough to adapt to your organization’s processes.

Preparation

Install a package of utilities for automatic graph visualization. we need the / usr / bin / dot component

$ sudo dnf -y install graphviz

Install additional utilities

$ sudo dnf -y install wget nano unzip dnf-utils policycoreutils-python-utils

Installing the Nginx web server

Install the NGINX web server. To do this, add a repository

$ sudo nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Install NGINX, add it to startup and run it. Checking the status, whether port 80 / tcp is involved

$ sudo dnf -y install nginx
$ sudo systemctl enable --now nginx
$ systemctl status nginx
$ ss -nltup

Firewall configuration

Allow connection on ports 80 / tcp (http), 443 / tcp (https)

$ sudo firewall-cmd --zone=public --add-service={http,https} --permanent
$ sudo firewall-cmd --reload

Install php, configure php-fpm

Add the Remirepo repository

$ sudo dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

We clean the metadata, update

$ sudo dnf clean metadata
$ sudo dnf -y update

Enable remi-7.4 module to install PHP 7.4 from the connected repository

$ sudo dnf module list php
$ sudo dnf module enable php:remi-7.4
$ sudo dnf module list php

Install PHP and required modules

$ sudo dnf -y install php php-fpm 
$ sudo dnf -y install php-common php-cli php-mysqlnd php-mcrypt php-ldap php-soap php-json php-xml php-gd php-zip

Configuring PHP

$ sudo sed -i '[email protected]^short_open_tag = .*@short_open_tag = [email protected]' /etc/php.ini
$ sudo sed -i '[email protected]^date.timezone = .*@date.timezone = Europe/[email protected]' /etc/php.ini

$ sudo sed -i '[email protected]^opcache.revalidate_freq= .*@[email protected]' /etc/php.d/10-opcache.ini

Setting up PHP-FPM. Change owner in php-fpm config

$ sudo sed -i '[email protected]^user = .*@user = [email protected]' /etc/php-fpm.d/www.conf
$ sudo sed -i '[email protected]^group = .*@group = [email protected]' /etc/php-fpm.d/www.conf
$ sudo sed -i '[email protected]^listen.owner = .*@listen.owner = [email protected]' /etc/php-fpm.d/www.conf
$ sudo sed -i '[email protected]^listen.group = .*@listen.group = [email protected]' /etc/php-fpm.d/www.conf

Change the owner of the directories (default is root: apache)

$ sudo chown -R root:nginx /var/lib/php/session
$ sudo chown -R root:nginx /var/lib/php/opcache
$ sudo chown -R root:nginx /var/lib/php/wsdlcache

Add php-fpm to autoload and start the service. We look at the status

$ sudo systemctl enable --now php-fpm
$ sudo systemctl status php-fpm

Installing iTop, configuring Nginx

Create directory for iTop

$ sudo mkdir -p /opt/itop

Downloading iTop

Download

Unpacking iTop

$ unzip iTop-2.7.4-7194.zip

Move the unpacked web directory to / opt / itop and change the owner

$ sudo mv web /opt/itop/
$ sudo chown -R nginx:nginx /opt/itop/

Disable default Nginx config

$ sudo mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.disabled

Create a new Nginx config

$ sudo nano /etc/nginx/conf.d/itop.conf
server {
    listen 80;
    server_name itop.itdraft.ru;

    root /opt/itop/web/;
    index index.php index.html index.htm;
    access_log /var/log/nginx/itop.access.log;
    error_log  /var/log/nginx/itop.error.log;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ .php$ {
        try_files $uri $uri/ =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 300;
    }
}

Checking the Nginx config for errors and restarting the web server

$ sudo nginx -t
$ sudo systemctl restart nginx

SELinux configuration

Add allowing rules for the / opt / itop / web directory

$ sudo chcon -R -t httpd_sys_rw_content_t /opt/itop/web
$ sudo setsebool -P httpd_can_network_connect on
$ sudo setsebool -P httpd_can_sendmail on

PS In the future, if you install extensions for iTop (extensions), for directories with extensions, you also need to add SELinux permissive rules

Installing the PerconaDB database server

Add the PerconaDB repository

$ sudo yum -y install https://repo.percona.com/yum/percona-release-latest.noarch.rpm

Choosing to install PerconaDB Server 8.0

$ sudo percona-release setup ps80

We clear the cache, install PerconaDB, add the service to startup and start it. Checking the version

$ sudo dnf makecache
$ sudo dnf install -y percona-server-server
$ sudo systemctl enable --now mysqld.service
$ mysql -V

We look at the generated root password

$ sudo grep "temporary password" /var/log/mysqld.log

Launching the initial PerconaDB setup

$ sudo mysql_secure_installation

Change the root password to a new one and answer questions

New pass: 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : N
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
All done!

Alternatively, you can install the MariaDB database server

Install MariaDB, add the service to startup and start it. We look at the status. Check if port 3306 / tcp is involved

$ sudo dnf install mariadb-server mariadb -y
$ sudo systemctl enable --now mariadb
$ systemctl status mariadb
$ ss -nltup

Launching the initial MariaDB setup

$ sudo mysql_secure_installation

Set root password, answer questions

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Thanks for using MariaDB!

Create a new base and user

Connecting to PerconaDB / MariaDB DBMS

$ mysql -u root -p

We look at the pre-installed databases, check the version

> show databases;
> select version();

Create a database and a user with a password for iTop

> CREATE DATABASE itopdb CHARACTER SET utf8 COLLATE utf8_bin;
> CREATE USER 'itopuser'@'localhost' IDENTIFIED BY 'tqHVy656MX_8RZfa';
> GRANT ALL PRIVILEGES ON itopdb.* to 'itopuser'@'localhost';
> FLUSH PRIVILEGES;
> quit;

Setting up iTop

Next, open the browser, go to the specified address (in this case: https://itop.itdraft.ru) and set up iTop. We set the parameters for connecting to the database, which add-ons to install, etc.

In the future, we will consider the integration of iTop with the FreeIPA directory service, resetting the admin password, setting up e-mail notifications and installing extensions both from the application store and in manual mode.

Related Posts