7 октября 2019
In whatever position people are, they can always find convenience and inconvenience.
— Benjamin Franklin
Quite often in small and medium-sized companies there are excel files that describe the equipment, IP addresses of this equipment, subnets, passwords, and much more that relates to IT. And that's only the case when you were lucky with the administrator, who kept such a document and updated it a timely manner. What if this file doesn't exist? Does the system administrator remember everything? What if this file gets corrupted? Or if you employ a new person to assist current system administrator, and you need to give them access to only part of the network information?
Today we will look at a free software product called IP address management (phpIPAM).
Checking the requirements
As usual we will first check the requirements for the phpIPAM IP address management system:
- Apache2 or Nginx web server;
- MySQL 5.1+/MariaDB DBMS;
- PHP 7.2+ for phpIPAM 1.3.2+, for phpIPAM version 1.3.1 you need PHP 5.3, for phpIPAM 1.4 you need PHP 5.4;
- GIT(for installation);
- many different php modules: pdo, pdo_mysql, session, sockets, openssl, gmp, ldap, crypt, SimpleXML, json, gettext, filter, pcntl, cli, mbstring.
For more detailed and independent information, you can visit the official website.
Installation
All installations will be done from the root user, so we will not see sudo commands here. Also, in this article, we will not consider installing an SSL certificate or setting up a site domain name, assuming that the system will be installed in the company's secure network (intranet) only for the internal needs of this very company. If you still decide to give access from outside, you can use our other articles, the settings of web servers will be similar.
First, install the EPEL package, where the php-mcrypt module is located, which is necessary for secure access to the API.
# yum install -y epel-releaseWe will also install several convenient packages:
# yum install -y net-tools bind-utils mcNow you need to set the correct localization required for the correct translation and normal operation of the system:
# vi /etc/environmentLC_ALL=en_US.utf-8
LANG=en_US.utf-8Installing MariaDB
At the time of writing, the repository contains version 5.5.60. On the official website, we see that the current version of the 5th is 5.5.64, and the 10th is 10.4. You can install it yourself from the official MariaDB page.
# vi /etc/yum.repos.d/MariaDB.repo# MariaDB 10.4 CentOS repository list - created 2020-02-26 09:23 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1Now install the database itself:
# yum install -y mariadb-serverEnable autoloading and launch the MariaDB database daemon:
# systemctl enable mariadb
# systemctl start mariadbSince we will be using our DBMS server in the company, we need to perform basic installations, MariaDB has a great command:
# mysql_secure_installationDuring the execution of this command, questions will be asked, do not worry, there is nothing complicated here. At the very beginning, you are prompted to enter the current password for the DBMS root user. Since we have just installed the server, this user does not have a password, so just press Enter:
Enter current password for root (enter for none):
OK, successfully used password, moving on...Next, we are offered to use unix_socket for authorization, we do not need it, so we refuse and enter "n":
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [y/n] nThen we will be asked if we need to set a password for the root user; of course, we do:
Set root password? [y/n] y
New password:
Re-enter new password:
Password updated successfully!Next, a question about disabling anonymous users; of course, we do not need them, so we agree:
Remove anonymous users? [y/n] y
... Success!Disabling remote access for the root user:
Disallow root login remotely? [Y/n] y
... Success!Deleting the test database:
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!And reloading privileges:
Reload privilege tables now? [Y/n] y
... Success!This completes the installation of MariaDB.
Installing Apache
CentOS 7.7 doesn't have the latest Apache version, but it is also not very old (2.4.6 vs. 2.4.41), so you can install it from the repository:
# yum install -y httpdNow you need to edit the /etc/httpd/conf/httpd file.conf file and change several sections:
# vi /etc/httpd/conf/httpd.conf< Directory "/var/www/html">
Options FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
< Directory>And also find the line and change, for example, to the address of your site (your_domain):
ServerName < your_domain>:80We will not start the server yet; we still need to install php.
Installing PHP
You can install the current version located in the repository (5.4.16), you can install it from sources, but we will install it from the REMI repository packages.
To do this, we first need to connect the EPEL repository, but we have already installed it previously, so skip this step and install REMI:
# rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpmNow let's see which versions of php are available to us:
# ls /etc/yum.repos.d/remi* | grep php
/etc/yum.repos.d/remi-php54.repo
/etc/yum.repos.d/remi-php70.repo
/etc/yum.repos.d/remi-php71.repo
/etc/yum.repos.d/remi-php72.repo
/etc/yum.repos.d/remi-php73.repo
/etc/yum.repos.d/remi-php74.repoIt remains to activate the desired repository by changing the enabled parameter to 1 in the [remi-php74] section:
# vi /etc/yum.repos.d/remi-php74.repo[remi-php74]
name=Remi's PHP 7.4 RPM repository for Enterprise Linux 7 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/7/php74/$basearch/
#mirrorlist=https://rpms.remirepo.net/enterprise/7/php74/httpsmirror
mirrorlist=http://cdn.remirepo.net/enterprise/7/php74/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remiNow let's update the packages:
# yum updateThis is the preparatory part with the installation of important components of the latest versions, we will install everything in bulk:
# yum install -y git php php-{mysql,curl,gd,intl,pear,imap,memcache,pspell,recode,tidy,xmlrpc,mbstring,gettext,json,xml,fpm,cli,common,ldap,pdo,snmp,mcrypt,gmp}Set the time zone in the php file.ini:
# vi /etc/php.inidate.timezone = Asia/YekaterinburgThe list of available time zones can be found on the official website.
Now you can enable startup and start Apache:
# systemctl enable httpd
# systemctl start httpdInstalling phpIPAM
Now we start installing phpIPAM itself. To do this, we need to go to the folder and download from the repository:
# cd /var/www/html/
# git clone --recursive https://github.com/phpipam/phpipam.git .
Cloning into '.'...
remote: Enumerating objects: 74, done.
remote: Counting objects: 100% (74/74), done.
remote: Compressing objects: 100% (55/55), done.
remote: Total 24814 (delta 31), reused 43 (delta 19), pack-reused 24740
Receiving objects: 100% (24814/24814), 16.46 MiB | 1.17 MiB/s, done.
Resolving deltas: 100% (18166/18166), done.
Submodule 'app/login/captcha' (https://github.com/dapphp/securimage.git) registered for path 'app/login/captcha'
Submodule 'functions/GoogleAuthenticator' (https://github.com/PHPGangsta/GoogleAuthenticator) registered for path 'functions/GoogleAuthenticator'
Submodule 'functions/PHPMailer' (https://github.com/PHPMailer/PHPMailer.git) registered for path 'functions/PHPMailer'
Submodule 'functions/php-saml' (https://github.com/onelogin/php-saml.git) registered for path 'functions/php-saml'
Submodule 'functions/qrcodejs' (https://github.com/davidshimjs/qrcodejs) registered for path 'functions/qrcodejs'
Cloning into 'app/login/captcha'...
remote: Enumerating objects: 1190, done.
remote: Total 1190 (delta 0), reused 0 (delta 0), pack-reused 1190
Receiving objects: 100% (1190/1190), 11.04 MiB | 2.39 MiB/s, done.
Resolving deltas: 100% (592/592), done.
Submodule path 'app/login/captcha': checked out '1ecb884797c66e01a875c058def46c85aecea45b'
Cloning into 'functions/GoogleAuthenticator'...
remote: Enumerating objects: 209, done.
remote: Total 209 (delta 0), reused 0 (delta 0), pack-reused 209
Receiving objects: 100% (209/209), 35.38 KiB | 0 bytes/s, done.
Resolving deltas: 100% (89/89), done.
Submodule path 'functions/GoogleAuthenticator': checked out '3baa997f399d4afd5d6a81d42244ec9cc3eeb080'
Cloning into 'functions/PHPMailer'...
remote: Enumerating objects: 44, done.
remote: Counting objects: 100% (44/44), done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 6942 (delta 20), reused 32 (delta 17), pack-reused 6898
Receiving objects: 100% (6942/6942), 4.64 MiB | 4.25 MiB/s, done.
Resolving deltas: 100% (4558/4558), done.
Submodule path 'functions/PHPMailer': checked out '59495db0b14c17f5a370359df0ad7b2e004391a2'
Cloning into 'functions/php-saml'...
remote: Enumerating objects: 7, done.
remote: Counting objects: 100% (7/7), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 5150 (delta 1), reused 1 (delta 0), pack-reused 5143
Receiving objects: 100% (5150/5150), 3.04 MiB | 1.86 MiB/s, done.
Resolving deltas: 100% (3040/3040), done.
Submodule path 'functions/php-saml': checked out 'ea5b7822aa1b4ce14aa88d0e35edf65ebb2f91c8'
Cloning into 'functions/qrcodejs'...
remote: Enumerating objects: 171, done.
remote: Total 171 (delta 0), reused 0 (delta 0), pack-reused 171
Receiving objects: 100% (171/171), 132.13 KiB | 0 bytes/s, done.
Resolving deltas: 100% (80/80), done.
Submodule path 'functions/qrcodejs': checked out '04f46c6a0708418cb7b96fc563eacae0fbf77674'
# git checkout 1.4Now let's put the file rights in order:
# chown apache:apache -R /var/www/html/If you are using SELinux, we will also make the necessary edits:
# chcon -R -t httpd_sys_content_t /var/www/html/Let's continue to put the file rights in order:
# cd /var/www/html/
# find . -type f -exec chmod 0644 {} \;
# find . -type d -exec chmod 0755 {} \;Edit SELinux settings again:
# chcon -R -t httpd_sys_rw_content_t app/admin/import-export/upload/
# chcon -R -t httpd_sys_rw_content_t app/subnets/import-subnet/upload/
# chcon -R -t httpd_sys_rw_content_t css/1.4.0/images/logo/Now let's start setting up the database connection:
# cd /var/www/html/
# cp config.dist.php config.phpYou can change the database connection settings in this file:
$db['host'] = "localhost";
$db['user'] = "phpipam";
$db['pass'] = "phpipamadmin";
$db['name'] = "phpipam";ATTENTION! It is highly recommended to change the default settings, at least the password.
And if you want to use a subdirectory, for example, http://your_domain.com/phpipam/, then you need to change another parameter:
define('BASE', "/");Now we go to the address of our server through the browser and... and nothing will happen, since we did not edit the firewall settings; we will fix it:
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reloadAgain, go to our site. If we have not installed some php module, we will get a message about it, like this:
Do not worry, reinstall the necessary module, restart Apache:
# systemctl restart httpdAgain, go to the site address:
Here we are asked for options: installation, migration from another server, or returning to the current working phpIPAM server if this screen accidentally occurred. Select the “New phpipam installation item”.
Then we are asked to choose how to install the database: automatically, using the settings from the config file.php, via import or manually. We are interested in the first option, which is “Automatic database installation”.
Next, enter the username/password of the root user and the parameters for connecting to the database, you can open additional parameters by clicking the "Show advanced options" button. After entering, click "Install phpipam database". Then installation is complete, a message below should appear:
Click "Continue" and now you need to enter the password for the administrator account, as well as the name of your site and the site address:
After saving the settings (the "Save settings" button), the "Proceed to login" button will appear, click it and you only need to enter your username/password:
Congratulations, we have completed the installation:
Small tips
To complete the installation, you only need to automate the creation of database backups. We will add the following to the cron for daily backups and automatic deletion of archives older than 10 days:
# crontab -e@daily /usr/bin/mysqldump -u < your_name> -p < your_password> phpipam > /var/www/html/db/bkp/phpipam_bkp_$(date +"\%y\%m\%d").db
@daily /usr/bin/find /var/www/html/db/bkp/ -ctime +10 -exec rm {} \;Instead of your_name and your_password, specify the user name and password that you used in the config.php file. If you also changed the name of the database (by default, phpipam), then you need to change it in this line.
In addition, for the network scanner to work correctly, you must disable SELinux or configure it correctly.
# cd /var/www/html/
# getenforce
Enforcing
# setenforce 0
# getenforce
PermissiveNow let's set autorun to run scripts at 15 minute intervals:
# crontab -e# update host statuses exery 15 minutes
*/15 * * * * /usr/bin/php /var/www/html/functions/scripts/pingCheck.php
*/15 * * * * /usr/bin/php /var/www/html/functions/scripts/discoveryCheck.phpLocalization
You can set up your own localization for each user here. There is a list of pre-installed languages, which can be viewed by selecting the “Languages" menu item from the “Administration" drop-down menu:
Go to the “Administration -> Users" menu and select changing the admin user settings (click on the gear on the right opposite the user, select the “Edit user" item”):
In the window that appears, change the language settings and re-enter phpIPAM.
You can set system-wide language settings and when adding a new user, the desired language will be automatically selected. To do this, select “Administration -> phpIPAM settings”, and then change the “Main language”:
Brief description of features
The phpIPAM IP address management system has huge capabilities and flexibility. The full list of features can be found on the official website. We will briefly describe interesting features here. Of course, we are interested in the presence of a system for notifying changes, which is implemented via email:
To facilitate your work, there are options for importing and exporting from other systems in csv file format:
You don't have to worry about the absence of any fields for each "entity", here you can add your own, for example, as in the screenshot below, 3 fields are added for the “VLAN " entity:
Very convenient work with IP addresses, automatic reservation of the subnet when creating, a lot of other features:
You can add subnets to a VLAN, you can immediately see which VLANs are used, and you can easily add new ones:
We should also mention the “Device” and “Rack”entities. When you add a device and link it to the rack it is automatically rendered as in the screenshot below:
phpIPAM update
The phpIPAM IP address management system will automatically notify you of the update with an icon:
We will explain the entire process, which you can find yourself on the official website of phpIPAM. First let's look at the list of changes:
Be sure to check the requirements. For example, phpIPAM version 1.4 will not work on PHP version 5.3.
After verifying the requirements, the upgrade process can be divided into 3 stages:
- Creating a backup copy of the database(DB);
- Updating phpIPAM files;
- Database update.
You can make a backup of the database from the web interface in the section "Administration - > Import/Export". Or you can do the same from the console:
# cd /var/www/html/
# /usr/bin/mysqldump -u < your_user> -p < your_password> < your_db_name> > db/bkp/phpipam_migration_backup.dbwhere:
your_user - database user (you can use the user from the config.php file)
your_password - password for the database user (you can use the user password from the config.php file)
your_db_name - name of the database specified in config.php
You also need to copy the config.php file:
# cd /var/www/html/
# cp ./config.php ./config.php.bkpSince we installed through git, you can also update it through it:
# cd /var/www/html/
# git pull
# git checkout -b 1.4 origin/1.4
# git submodule update --init --recursiveIf there are difficulties, you can simply download to a separate folder and replace the files in the existing one, just do not forget to correct the owner and permissions of the files:
# chown apache:apache -R /var/www/html/
# cd /var/www/html/
# find . -type f -exec chmod 0644 {} \;
# find . -type d -exec chmod 0755 {} \;Now let's return the config file.php:
# cp ./config.php.bkp ./config.phpThe third stage of the update remains - the database. The easiest way is to go to the site and we will be offered to do everything automatically:
The second warning offers us to change the php settings, even specifying which parameter and what value, go to the console in the /etc/php.ini file and change the parameter:
# vi /etc/php.inimax_execution_time = 600After that, you need to restart the Apache server:
# systemctl restart httpdAgain, we go to our site and see only a warning about the database backup that we made at the very beginning of the update, click "Upgrade phpipam database". There is also a button with instructions for manually updating the database. A moment later, you will see a message about going to the Dashboard (desktop, home page). And this completes the installation!
Conclusion
We have installed and even learned how to update a very interesting software product, which is also free. It may seem that only large companies need it, but in fact, this IP address management system is useful for medium-sized companies, even in small companies you can find ways to use it. In fact, this is a static database of your IT park, changes will be made quite rarely, it does not take up much space and does not create loads. This allows you to quickly find everything you need.
In addition, it has its own API, which means you can write your own application that will access this system.
It wasn't difficult, was it?
