728x90
반응형
phpIPAM 개요
phpIPAM은 오픈 소스 웹 IP 주소 관리 애플리케이션(IPAM)입니다. 그 목표는 가볍고 현대적이며 유용한 IP 주소 관리를 제공하는 것입니다. jQuery 라이브러리, ajax 및 HTML5/CSS3 기능을 사용하는 MySQL 데이터베이스 백엔드를 갖춘 PHP 기반 애플리케이션입니다.

다음은 phpIPAM의 주요 기능입니다.
IPv4 / IPv6 IP 주소 관리
섹션 / 서브넷 관리
서브넷에 대한 자동 여유 공간 표시
시각적 서브넷 디스플레이
자동 서브넷 스캐닝 / IP 상태 확인
PowerDNS 통합
NAT 지원
VLAN 관리
VRF 관리
IPv4 / IPv6 계산기
IP 데이터베이스 검색
이메일 알림
사용자 정의 필드 지원
번역
변경 로그
랙 관리
도메인 인증 (AD, LDAP, Radius)
그룹 별 섹션 / 서브넷 권한
장치 / 장치 유형 관리
RIPE 서브넷 가져 오기
XLS / CVS 서브넷 가져 오기
IP 요청 모듈
REST API
위치 모듈

 

https://phpipam.net/

 

phpIPAM IPAM IP address management software

free open-source IP address management application (IPAM)

phpipam.net

 

phpIPAM 설치 환경
  • 설치환경
서버IP OS 설치 툴
192.168.56.231 rocky8
https://app.vagrantup.com/generic/boxes/rocky8		 RockyOS 8
Maria DB
Apache(httpd)
PHP

 

  • Vagrantfile 생성
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.define "rock8PHPIPAM231" do |cfg|
    cfg.vm.box = "generic/rocky8"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "rocky8PHPIPAM231"
      vb.cpus = 4
      vb.memory = 4096
     vb.customize ["modifyvm", :id, "--groups", "/default_group"]
    end
    cfg.vm.host_name = "rocky8PHPIPAM231"
    cfg.vm.network "private_network", ip: "192.168.56.231"
    cfg.vm.network "forwarded_port", guest: 22, host: 60231, auto_correct: true, id: "ssh"
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true 
#   cfg.vm.provision "shell", path: "config.sh"\
#   cfg.vm.provision "shell", path: "install_pkg.sh", args: [ Ver, "Main" ]
#   cfg.vm.provision "shell", path: "master_node.sh"\
  end
end
  • vagrant 설치로그
C:\Users\shim>vagrant up

Bringing machine 'rock8PHPIPAM231' up with 'virtualbox' provider...
==> rock8PHPIPAM231: Importing base box 'generic/rocky8'...
==> rock8PHPIPAM231: Matching MAC address for NAT networking...
==> rock8PHPIPAM231: Checking if box 'generic/rocky8' version '4.3.12' is up to date...
==> rock8PHPIPAM231: Setting the name of the VM: rocky8PHPIPAM231
==> rock8PHPIPAM231: Clearing any previously set network interfaces...
==> rock8PHPIPAM231: Preparing network interfaces based on configuration...
    rock8PHPIPAM231: Adapter 1: nat
    rock8PHPIPAM231: Adapter 2: hostonly
==> rock8PHPIPAM231: Forwarding ports...
    rock8PHPIPAM231: 22 (guest) => 60231 (host) (adapter 1)
==> rock8PHPIPAM231: Running 'pre-boot' VM customizations...
==> rock8PHPIPAM231: Booting VM...
==> rock8PHPIPAM231: Waiting for machine to boot. This may take a few minutes...
    rock8PHPIPAM231: SSH address: 127.0.0.1:60231
    rock8PHPIPAM231: SSH username: vagrant
    rock8PHPIPAM231: SSH auth method: private key
    rock8PHPIPAM231:
    rock8PHPIPAM231: Vagrant insecure key detected. Vagrant will automatically replace
    rock8PHPIPAM231: this with a newly generated keypair for better security.
    rock8PHPIPAM231:
    rock8PHPIPAM231: Inserting generated public key within guest...
    rock8PHPIPAM231: Removing insecure key from the guest if it's present...
    rock8PHPIPAM231: Key inserted! Disconnecting and reconnecting using new SSH key...
==> rock8PHPIPAM231: Machine booted and ready!
==> rock8PHPIPAM231: Checking for guest additions in VM...
    rock8PHPIPAM231: The guest additions on this VM do not match the installed version of
    rock8PHPIPAM231: VirtualBox! In most cases this is fine, but in rare cases it can
    rock8PHPIPAM231: prevent things such as shared folders from working properly. If you see
    rock8PHPIPAM231: shared folder errors, please make sure the guest additions within the
    rock8PHPIPAM231: virtual machine match the version of VirtualBox you have installed on
    rock8PHPIPAM231: your host and reload your VM.
    rock8PHPIPAM231:
    rock8PHPIPAM231: Guest Additions Version: 6.1.30
    rock8PHPIPAM231: VirtualBox Version: 7.0
==> rock8PHPIPAM231: Setting hostname...
==> rock8PHPIPAM231: Configuring and enabling network interfaces...

C:\Users\shim>
  • 초기 로그인하여 환경 설정

# cd /etc
# cd ssh/
# vi sshd_config

PermitRootLogin yes
PasswordAuthentication yes

:wq!

# sudo timedatectl set-timezone Asia/Seoul

 

phpIPAM 설치하기
  • SELINUX Disabled
# vi /etc/selinux/config

SELINUX=enforcing   ----> SELINUX=disabled 로 수정
  • MariaDB 설치
# dnf -y install mariadb-server mariadb

# systemctl start mariadb.service

# systemctl enable mariadb.service
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.

# systemctl status mariadb.service
● mariadb.service - MariaDB 10.3 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2024-04-06 12:16:57 KST; 14s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
 Main PID: 4160 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 30 (limit: 23144)
   Memory: 84.4M
   CGroup: /system.slice/mariadb.service
           └─4160 /usr/libexec/mysqld --basedir=/usr

Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: '/usr/bin/mysql_secure_installation'
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: which will also give you the option of removing the test
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: databases and anonymous user created by default.  This is
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: strongly recommended for production servers.
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: See the MariaDB Knowledgebase at http://mariadb.com/kb
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: Please report any problems at http://mariadb.org/jira
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: The latest information about MariaDB is available at http://mariadb.org/.
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: Consider joining MariaDB's strong and vibrant community:
Apr 06 12:16:56 rocky8PHPIPAM231 mysql-prepare-db-dir[4098]: https://mariadb.org/get-involved/
Apr 06 12:16:57 rocky8PHPIPAM231 systemd[1]: Started MariaDB 10.3 database server
  • MariaDB phpIPAM사용자 계정 및 DB 생성 / mysql 비밀번호 변경 
# mysql -u root -p
Enter password:  <--- 초기 비밀번호가 없으므로 그냥 enter로 들어감
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.39-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# MariaDB [(none)]> CREATE DATABASE phpipam;
Query OK, 1 row affected (0.005 sec)

# MariaDB [(none)]> GRANT ALL ON phpipam.* TO phpipam@localhost IDENTIFIED BY 'phpipam';
Query OK, 0 rows affected (0.002 sec)

# MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.002 sec)

# MariaDB [(none)]> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
# MariaDB [mysql]> set password=password('phpipam');
Query OK, 0 rows affected (0.000 sec)

# MariaDB [(none)]> quit
Bye
#
  • httpd 설치
# dnf -y install httpd

# systemctl start httpd.service

# systemctl enable httpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
  • PHP 설치
# dnf -y install php

# dnf -y install php-{mysqlnd,curl,gd,intl,pear,recode,xmlrpc,mbstring,gettext,gmp,json,xml,fpm,snmp}
  • phpIPAM설치 (git 파일 다운로드)
# dnf -y install git  

# git clone --recursive https://github.com/phpipam/phpipam.git /var/www/html/phpipam
Cloning into '/var/www/html/phpipam'...
remote: Enumerating objects: 31044, done.
remote: Counting objects: 100% (1247/1247), done.
remote: Compressing objects: 100% (615/615), done.
remote: Total 31044 (delta 700), reused 1094 (delta 606), pack-reused 29797
Receiving objects: 100% (31044/31044), 24.92 MiB | 1.84 MiB/s, done.
Resolving deltas: 100% (22755/22755), done.
Submodule 'app/login/captcha' (https://github.com/dapphp/securimage.git) registered for path 'app/login/captcha'
Submodule 'functions/GoogleAuthenticator' (https://github.com/PHPGangsta/GoogleAuthenticator) registered for path 'functions/GoogleAuthenticator'
Submodule 'functions/PHPMailer' (https://github.com/PHPMailer/PHPMailer.git) registered for path 'functions/PHPMailer'
Submodule 'functions/parsedown' (https://github.com/erusev/parsedown.git) registered for path 'functions/parsedown'
Submodule 'functions/php-saml' (https://github.com/onelogin/php-saml.git) registered for path 'functions/php-saml'
Submodule 'functions/qrcodejs' (https://github.com/davidshimjs/qrcodejs) registered for path 'functions/qrcodejs'
Submodule 'functions/xmlseclibs' (https://github.com/robrichards/xmlseclibs.git) registered for path 'functions/xmlseclibs'
Cloning into '/var/www/html/phpipam/app/login/captcha'...
remote: Enumerating objects: 1324, done.
remote: Counting objects: 100% (111/111), done.
remote: Compressing objects: 100% (51/51), done.
remote: Total 1324 (delta 65), reused 100 (delta 60), pack-reused 1213
Receiving objects: 100% (1324/1324), 11.14 MiB | 3.72 MiB/s, done.
Resolving deltas: 100% (672/672), done.
Cloning into '/var/www/html/phpipam/functions/GoogleAuthenticator'...
remote: Enumerating objects: 209, done.
remote: Total 209 (delta 0), reused 0 (delta 0), pack-reused 209
Receiving objects: 100% (209/209), 35.38 KiB | 3.93 MiB/s, done.
Resolving deltas: 100% (89/89), done.
Cloning into '/var/www/html/phpipam/functions/PHPMailer'...
remote: Enumerating objects: 17523, done.
remote: Counting objects: 100% (2624/2624), done.
remote: Compressing objects: 100% (322/322), done.
remote: Total 17523 (delta 1957), reused 2469 (delta 1869), pack-reused 14899
Receiving objects: 100% (17523/17523), 17.30 MiB | 1.95 MiB/s, done.
Resolving deltas: 100% (9682/9682), done.
Cloning into '/var/www/html/phpipam/functions/parsedown'...
git clone --recursive https://github.com/phpipam/phpipam.git /var/www/html/phpipamremote: Enumerating objects: 6211, done.
remote: Counting objects: 100% (286/286), done.
remote: Compressing objects: 100% (108/108), done.
remote: Total 6211 (delta 172), reused 274 (delta 164), pack-reused 5925
Receiving objects: 100% (6211/6211), 1.45 MiB | 890.00 KiB/s, done.
Resolving deltas: 100% (3345/3345), done.
Cloning into '/var/www/html/phpipam/functions/php-saml'...
remote: Enumerating objects: 6297, done.
remote: Counting objects: 100% (369/369), done.
remote: Compressing objects: 100% (184/184), done.
remote: Total 6297 (delta 158), reused 335 (delta 144), pack-reused 5928
Receiving objects: 100% (6297/6297), 4.61 MiB | 3.96 MiB/s, done.
Resolving deltas: 100% (3673/3673), done.
Cloning into '/var/www/html/phpipam/functions/qrcodejs'...
remote: Enumerating objects: 171, done.
remote: Total 171 (delta 0), reused 0 (delta 0), pack-reused 171
Receiving objects: 100% (171/171), 132.12 KiB | 901.00 KiB/s, done.
Resolving deltas: 100% (80/80), done.
Cloning into '/var/www/html/phpipam/functions/xmlseclibs'...
remote: Enumerating objects: 1183, done.
remote: Counting objects: 100% (29/29), done.
remote: Compressing objects: 100% (19/19), done.
remote: Total 1183 (delta 9), reused 18 (delta 6), pack-reused 1154
Receiving objects: 100% (1183/1183), 423.88 KiB | 1.89 MiB/s, done.
Resolving deltas: 100% (689/689), done.
Submodule path 'app/login/captcha': checked out '2be13fddff68a72dee2c68196dbce7c8f825bcc1'
Submodule path 'functions/GoogleAuthenticator': checked out '505c2af8337b559b33557f37cda38e5f843f3768'
Submodule path 'functions/PHPMailer': checked out 'cbe9d8d9a9adb7dff77852a3cfc9b63ede3e7a89'
Submodule path 'functions/parsedown': checked out '77947eda2fdaf06b181c63a7db13e38968306aee'
Submodule path 'functions/php-saml': checked out '5fbf3486704ac9835b68184023ab54862c95f213'
Submodule path 'functions/qrcodejs': checked out '04f46c6a0708418cb7b96fc563eacae0fbf77674'
Submodule path 'functions/xmlseclibs': checked out 'cf50b5023964550d714df76ba9adf21eb6fdaa35'
  • phpIPAM DB기본 테이블 생성(스키마)
# mysql -u root -p phpipam < /var/www/html/phpipam/db/SCHEMA.sql
Enter password:     <--- 위에서 mysql root 패스워드 phpipam 입력
  • phpIPAM 설정
# cp /var/www/html/phpipam/config.dist.php /var/www/html/phpipam/config.php


# vi /var/www/html/phpipam/config.php

 * database connection details
 ******************************/
$db['host'] = '127.0.0.1';
$db['user'] = 'phpipam';
$db['pass'] = 'phpipam';            <---- 패스워드 수정
$db['name'] = 'phpipam';
$db['port'] = 3306;
  • Apache 설정 (phpipam.conf 추가 -- 신규 파일 생성)
vi /etc/httpd/conf.d/phpipam.conf 

# 아래 내용 추가 

<VirtualHost *:80>
    ServerAdmin admin@example.com  
    DocumentRoot "/var/www/html/phpipam"
    ServerName phpipam.computingforgeeks.com
    ServerAlias www.phpipam.computingforgeeks.com
    <Directory "/var/www/html/phpipam">             <----- 웹페이지 접속 경로
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog "/var/log/httpd/phpipam-error_log"
    CustomLog "/var/log/httpd/phpipam-access_log" combined
</VirtualHost>
  • Apache 디렉토리 소유권 및 그룹 권한 변경
# ls -al /var/www/html/
total 4
drwxr-xr-x.  3 root root   21 Apr  6 12:40 .
drwxr-xr-x.  4 root root   33 Apr  6 12:35 ..
drwxr-xr-x. 14 root root 4096 Apr  6 12:48 phpipam

# chown -R apache:apache /var/www/html/

# ls -al /var/www/html/
total 4
drwxr-xr-x.  3 apache apache   21 Apr  6 12:40 .
drwxr-xr-x.  4 root   root     33 Apr  6 12:35 ..
drwxr-xr-x. 14 apache apache 4096 Apr  6 12:48 phpipam

# apachectl -t

# systemctl restart httpd

# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: active (running) since Sat 2024-04-06 12:56:47 KST; 4s ago
     Docs: man:httpd.service(8)
 Main PID: 9147 (httpd)
   Status: "Started, listening on: port 80"
    Tasks: 213 (limit: 23144)
   Memory: 43.3M
   CGroup: /system.slice/httpd.service
           ├─9147 /usr/sbin/httpd -DFOREGROUND
           ├─9148 /usr/sbin/httpd -DFOREGROUND
           ├─9149 /usr/sbin/httpd -DFOREGROUND
           ├─9150 /usr/sbin/httpd -DFOREGROUND
           └─9151 /usr/sbin/httpd -DFOREGROUND

Apr 06 12:56:47 rocky8PHPIPAM231 systemd[1]: Starting The Apache HTTP Server...
Apr 06 12:56:47 rocky8PHPIPAM231 httpd[9147]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Apr 06 12:56:47 rocky8PHPIPAM231 httpd[9147]: Server configured, listening on: port 80
Apr 06 12:56:47 rocky8PHPIPAM231 systemd[1]: Started The Apache HTTP Server.
  • 방화벽 설정
# firewall-cmd --zone=public --add-port=80/tcp --permanent

# firewall-cmd --zone=public --add-port=3306/tcp --permanent

# firewall-cmd --reload

# systemctl restart firewalld.service

 

phpIPAM 웹접속
  • http://192.168.56.231/phpipam 접속
  • New phpipam installation 클릭

  • Automatic database installation 클릭

  • DBMS 정보입력후 install phpipam database클릭

    • Could not connect to database! SQLSTATE[HY000] [2002] Permission denied 접속 오류 발생

Could not connect to database! SQLSTATE[HY000] [2002] Permission denied

  • getsebool 값 확인 (http Acces 제한 생태 확인)
# getsebool -a | grep httpd

\httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_redis --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> off
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_opencryptoki --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
  • setsebool 값으로 설정값 변경
# setsebool -P httpd_can_network_connect_db 1
  • 다시 Install phpipam database 버튼 클릭 (Database already installed로 나옴)

 

  • 웹브라우져를 닫고 다시 http://192.168.56.231/phpipam 접속하면 로그인 창이 뜸
  • 초기  계정 및 패스워드 : Admin / ipamadmin 임

  • phpipam을 접속하려면 패스워드를 변경해야 된다고 나옴
  • (기존) ipamadmin
  • (변경) phpipamadmin 으로 변경함

 

설치 성공 및 초기 로그인 화면

 

시스템 상태 확인
# netstat -ntpa |grep LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      9386/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1155/sshd
tcp6       0      0 :::3306                 :::*                    LISTEN      4160/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      1155/sshd
728x90
반응형
LIST

+ Recent posts

티스토리툴바