Managing Computing Infrastructures with GLPI and a Managed Database for MySQL

GLPI Overview

Gestionnaire Libre de Parc Informatique (GLPI), or Open Source IT Equipment Manager in English, is a web-based asset and IT management opensource software, written in PHP and released under the GNU General Public License. A graphic interface, accessible via web-browser, allows users to easily operate IT operations, that can include hardware from peripherals to entire server racks.

The application disposes of several features that seek to assist companies in managing their information systems. Among them:

  • Asset management and automatic inventory
  • Item lifecycle management
  • Data Center Infrastructure Management
  • Issue tracking system
  • Helpdesk
  • Administrative and financial management of IT assets
  • Statistics and reports
  • Knowledge base

Requirements

Installing the Stack

During this tutorial we will install and configure a LEMP-Stack using Ngnix, a managed database for MySQL and PHP.

1 . Update the systems apt repository information and upgrade it to make sure that the system is up to date and has the latest bug-fixes and updates installed.

apt update && apt -y upgrade

2 . Use Ubuntu’s apt packet manager to install Nginx. Then, restart and enable it.

apt install nginx 
systemctl restart nginx.service
systemctl enable nginx.service

3 . Install PHP:

apt install php7.4-fpm php7.4-common php7.4-mysql php7.4-gmp php7.4-curl php7.4-intl php7.4-mbstring php7.4-soap php7.4-xmlrpc php7.4-gd php7.4-xml php7.4-cli php7.4-zip 

Creating a Managed Database for MySQL

In this tutorial, we will be creating a managed database for MySQL instance directly in the Scaleway console.

1 . In the Storage section of the side menu, click on Database. Then, click on Create an Instance.

The creation page displays.

2 . Choose MySQL as a database engine.

3 . You can select the region in which your database will be deployed geographically. Currently we provide the following locations:

  • FR-PAR: Paris, France
  • NL-AMS: Amsterdam, The Netherlands

4 . Under Configure Instance Options, select your instance type and check the boxes for Backup and High Availability if you require them.

5 . To create your credentials, insert a username and a password in the respective boxes.

Take note of these credentials, as they will be required in a later step.

6 . Enter a name for your instance, verify if all selected options are correct and click Create an Instance to launch its creation.

Downloading GLPI

1 . Change directory from root to the file where the GLPI repository will be downloaded into.

In this tutorial we will check into /tmp.

cd /tmp

Check the most recent version of GLPI here and replace it in the commands accordingly. In this tutorial we are using version 9.5.1

wget https://github.com/glpi-project/glpi/releases/download/9.5.1/glpi-9.5.1.tgz
tar -xvf glpi-9.5.1.tgz

2 . Move glpi to the /var/www/glpi directory.

mv glpi /var/www/glpi

3 . Give Nginx ownership of the directory.

chown -R www-data:www-data /var/www/glpi/

Configuring Nginx

1 . Use a text editor to create a new server block VirtualHost file named glpi under the /etc/nginx/sites-available directory to include the client request settings of your web server.

nano /etc/nginx/sites-available/glpi

Copy and paste the configuration below into the file. Replace example.com with your domain name and save.

server {
    listen 80;
    listen [::]:80;

    server_name  example.com www.example.com;
    root   /var/www/glpi;
    index  index.php index.html index.htm;
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;
    client_max_body_size 100M;
  
    autoindex off;

    location / {
        try_files $uri $uri/ =404;
    }

    location /dataroot/ {
      internal;
      alias /var/www/glpi/;
    }

location ~ [^/].php(/|$) {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

    }
}

2 . Create a symbolic link to enable the server block and restart Nginx.

ln -s /etc/nginx/sites-available/glpi /etc/nginx/sites-enabled/
systemctl restart nginx.service

You can check if GLPI is accessible via a web interface by accessing http://example.com using the server’s IP or your domain.

Installing a SSL/TLS Certificate

In order to protect user credentials and other confidential information that will be stored in GLPI, you can generate a SSL/TLS certificate issued by Let’s Encrypt for free.

For this purpose we will be using a certbot.

1 . Prepare the system:

apt-get update
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update

2 . Install certbot using snap.

apt-get install python3-certbot-nginx

3 . Run certbot:

certbot --nginx

4 . Answer the questions when prompted by the certbot Wizard.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 

Insert your e-mail address.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

Type A to agree.

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: 

Choose Yes or No and input accordingly.

The Wizard then asks which names you would like to activate HTTPS for. Input the corresponding number(s) and enter.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

If you wish to redirect HTTP traffic to HTTPS, answer the following prompt by inputting 2 and entering.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Your certificate is generated.

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for openproject-scw.ga
Using the webroot path /opt/openproject/public for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/yourdomain.name/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/yourdomain.name/privkey.pem
  Your cert will expire on 2020-10-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

Take note of the paths provided as they will be required in a later step.

To set automatically renew your certificate, run:

certbot renew --dry-run

Configuring GLPI

1 . Access your GLPI interface via web browser using your domain name or IP address.

The GLPI setup wizard displays. Select the language and click on OK.

2 . The GLPI License Terms display. Read them through and check I have READ and ACCEPT the terms of the license written above to proceed.

3 . To begin the installation, click on Install.

4 . A compatibility check is run and a list of tests done on the environment displays. Click on Continue to proceed.

5 . To setup your database connection, fill out the boxes with the following information:

SQL Server (MariaDB or MySQL): XXX.XXX.XX.XX:PORT (The IP address of your Database instance followed by the MySQL port)

SQL User: db-username (The username previously created for your managed database)

SQL Password: db-password (The password previously created for your managed database)

Click on Continue to proceed.

6 . Select a database and click Continue:

The initialization of the database might take a few minutes. Once completed, the following screen displays:

Click on Continue.

7 . Once the installation is finished, your default logins and passwords display:

Once the installation is finished, your default logins and passwords display. Use login glpi and password glpi to connect as Administrator.

The GLPI dashboard displays.

For security reasons GLPI recommends you to change the password for your default users and to remove file install/install.php.

To change the password, click on the default usernames displayed in the warning message or click on Admnistration > Users in the top menu to manage users.

To delete install/install.php, run the following command on your instance:

rm -rf /var/www/glpi/install/

Your setup is complete. You can begin managing assets and resources. GLPI provides a documentation website that helps you get started.

Discover a New Cloud Experience

Deploy SSD Cloud Servers in seconds.