How To: Install GLPI on CentOS 7

2 Comments Linux

What is GLPI?:

In short, GLPI offers both small and large businesses the ability to track their inventory and assets as well as offers lifecycle planning, service desk management, and much more.

GLPI can be directly integrated with OCS for seamless asset tracking automation. Check out my other blog post on how to install OCS

Read more about GLPI on their website: GLPI

Overview:

In this article, we will go step-by-step on how to install GLPI on CentOS 7. There are a few installation gotchas that I have overcome that are not mentioned in the GLPI documentation and I wanted to share this information so that anyone just getting into GLPI or wanting to know more about GLPI doesn’t have to go through the same pain I had to. 

yum install -y epel-release yum-utils vim wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum-config-manager --enable remi-php73

vim /etc/yum.repos.d/MariaDB.repo
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.1/centos7-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1

yum install -y httpd MariaDB-server MariaDB-client php php-cli php-common php-curl php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-simplexml php-sodium php-xmlrpc php-zip

yum update && yum upgrade

firewall-cmd --permanent --add-service={http,https}
firewall-cmd --reload && firewall-cmd --list-services

vim /etc/httpd/conf/httpd.conf
    #<Directory "/var/www/html">
    #AllowOverride = All

systemctl enable httpd && systemctl start httpd

systemctl enable mariadb && systemctl start mariadb
mysql_secure_installation

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -p -u root mysql
systemctl restart mariadb && mysql -u root -p
GRANT SELECT ON `mysql`.`time_zone_name` TO 'GLPISA'@'localhost';
create database glpi;
CREATE USER 'GLPISA'@'localhost' IDENTIFIED BY 'Password12345';
GRANT ALL PRIVILEGES ON glpi. * TO 'GLPISA'@'localhost' IDENTIFIED BY 'Password12345';
FLUSH PRIVILEGES;
exit

wget https://github.com/glpi-project/glpi/releases/download/9.5.5/glpi-9.5.5.tgz
tar -xvf glpi-9.5.5.tgz
mv glpi /var/www/html

chmod -R 755 /var/www/html/glpi && chown -R apache:apache /var/www/html/glpi
chcon -R -t httpd_sys_rw_content_t /var/www/html/glpi/
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_sendmail 1

mv /var/www/html/glpi/install/install.php /var/www/html/glpi/install/install.php.bck

Prerequisites:

  • Note: All commands are done via an SSH connection in this guide.

To start you will need to open an SSH session to your CentOS 7 machine, if you are on windows you can use putty or even PowerShell to achieve this.

yum install -y epel-release yum-utils vim wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum-config-manager --enable remi-php73

Create a .repo file so that an updated MariaDB version can be installed. GLPI requires MariaDB version 10.0+ which does not come by default with CentOS 7 or EPEL repositories.

# To edit in vim use: i
# To save and quit vim use: Esc + :wq!

vim /etc/yum.repos.d/MariaDB.repo

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

After getting all the repositories set up, install the various array of applications and extensions needed to properly run GLPI.

yum install -y httpd MariaDB-server MariaDB-client php php-cli php-common php-curl php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-simplexml php-sodium php-xmlrpc php-zip

yum update && yum upgrade
  • Command Block #01
    • epel-release
      • Extra packages for enterprise Linux or epel is a special interest group from fedora that creates and maintains additional sets of packages for RHEL, and other Linux distros.
    • yum-utils
      • Tools for manipulating repositories and extended package management
    • vim
      • A highly configurable text editor also known as vi.
    • wget
      • A program that can be used to retrieve content from web pages.
    • http://rpms.remirepo.net/enterprise/remi-release-7.rpm
      • Installs the Remi repo for PHP7
  • Command Block #02
    • yum-config-manager –enable remi-php73
      • Enables the Remi repo for PHP7
  • Command Block #06
    • yum update && yum upgrade
      • && means to run command 2 only if command 1 succedes

Configure Apache Web Server:

After installing the prerequisites we will now work on configuring the HTTPd\Apache webserver.

firewall-cmd --permanent --add-service={http,https}
firewall-cmd --reload && firewall-cmd --list-services

Edit the httpd\apache “httpd.conf” file so GLPI does not warn on the test “Web access to files directory is protected” later on during the GLPI setup wizard.

# To edit in vim use: i
# To save and quit vim use: Esc + :wq!

vim /etc/httpd/conf/httpd.conf

Look in the following section and change the default “AllowOverride None” to “AllowOverride All“. 

<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

systemctl enable httpd && systemctl start httpd
  • Command Block #01
    • firewall-cmd
      • firewall-cmd is the command-line client of the firewalld daemon. It provides an interface to manage runtime and permanent configuration.
      • –add-services={http,https} opens ports 80 and 443 in the firewall as they are not open by default.
  • Command Block #04
    • systemctl enable httpd && systemctl start httpd
      • systemctl is a system manager that has widely become the new standard for Linux distributions
      • systemctl enable httpd tells the httpd\apache service to auto-start on boot
      • systemctl start httpd tells the httpd\apache service start right now

Configure the MariaDB database:

After configuring HTTPd\Apache we will work on configuring the MariaDB database for GLPI.

systemctl enable mariadb && systemctl start mariadb

mysql_secure_installation

Create a password for the MariaDB root account as the default is nothing, then for the remaining initial setup wizard accept the defaults using “Y“. 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Allow MariaDB access to CentOS 7’s zone info so that MariaDB can load the time zone tables into it’s MySQL database. If we don’t do this then we won’t be able to set up a timezone in GLPI after the setup wizard is completed.

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -p -u root mysql

After running through the MariaDB setup wizard, log into MariaDB management interface. 

systemctl restart mariadb && mysql -u root -p

Prestage a database for GLPI as well as assign it a dedicated service account with full permissions. This database & service account will be used later on when it comes to the GLPI setup wizard.

The user account and password below are examples and should be adjusted to fit your needs accordingly.

#GLPI Settings
create database glpi;
CREATE USER 'GLPISA'@'localhost' IDENTIFIED BY 'Password12345';
GRANT ALL PRIVILEGES ON glpi. * TO 'GLPISA'@'localhost' IDENTIFIED BY 'Password12345';

#Timezone Settings
GRANT SELECT ON `mysql`.`time_zone_name` TO 'GLPISA'@'localhost';
FLUSH PRIVILEGES;
exit
  • Command Block #01
    • systemctl enable mariadb && systemctl start mariadb
      • systemctl is an init system and system manager that has widely become the new standard for Linux distributions
      • systemctl enable mariadb tells the MariaDB service to auto-start on boot
      • systemctl start mariadb tells the httpd\apache service start right now

Install GLPI:

After configuring the MariaDB database we will install and prestage GLPI.

wget https://github.com/glpi-project/glpi/releases/download/9.5.5/glpi-9.5.5.tgz
tar -xvf glpi-9.5.5.tgz
mv glpi /var/www/html

Since we are installing GLPI from the source, the folder permissions will need to be modified. We will also configure various SELinux policies allowing GLPI to run correctly in the /var/www/html/glpi directory.  

As an oversimplification, SELinux or Security-Enhanced Linux is an access control list for applications\processes running on Linux operating systems and should never be turned off.

chmod -R 755 /var/www/html/glpi && chown -R apache:apache /var/www/html/glpi
chcon -R -t httpd_sys_rw_content_t /var/www/html/glpi/
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1
setsebool -P httpd_can_sendmail 1
  • Command Block #01
    • wget https://website-name/package
      • wget is used for retrieving files using HTTP, HTTPS, FTP and FTPS
    • tar -xvf
      • tar stands for tape archive and is used to create an archive and extract archived files
      • -x is used to extract the archive
      • -v is used to verbosely show information
      • -f is used to create a destination folder with the same name
    • mv
      • mv is used to rename and move files and directories from one location to another
  • Command Block #02
    • chmod -R
      • chmod changes the file mode bits of each given file
      • -R is used to do it recursively
    • chown -R
      • chown changes the user and/or group ownership of each given file
      • -R is used to do it recursively
      • apache:apache is used to give permission to the apache user and group.
    • chcon -R -t
      • chcon change the SELinux security context of each FILE to CONTEXT
      • -R is used to do it recursively
      • -t is used to specify a type
      • httpd_sys_rw_content_t is used by Apache so that files can be created or modified by your application.
    • setsebool -P
      • setsebool sets the current state of a particular SELinux boolean or a list of booleans to a given value
      • -P is used to make the changes persistent
      • httpd_can* more can be read about what each of these do here: SELinux Booleans

Configure GLPI:

After installing GLPI, we will now run through the setup wizard to finish setting up the GLPI instance.

Browse out to the following: “http://IP-OF-SERVER/GLPI“, and follow along with the setup wizard to complete the installation and setup of GLPI.

Clean up:

Rename the “install.php” file in the GLPI directory after the setup wizard is complete or GLPI will warn you when you log in.

mv /var/www/html/glpi/install/install.php /var/www/html/glpi/install/install.php.bck

Thoughts?

Thank you for taking the time to read this article, I hope that it was helpful in some way to you. If you noticed anything wrong or have a better way of doing this please don’t hesitate to comment below or send me an email.

Thank you!

You May Also Like

2 Comments

  1. Glen 2021-12-30 at 08:31

    Good evening to you!
    I installed centos7 and Glpi on Vmware thanks to the steps you took. I would like to connect my oracle database with Glpi, can you help me with this?

    Reply
    1. Celerium 2021-12-30 at 09:16

      Hi Glen,

      I believe only MySQL 5.6+ and MariaDB 10+ are supported for databases by GLPI at this time.

      Reply

Leave a Reply