GLPI - A FOSS ITSM System

What is GLPI?

GLPI is an open-source IT Service Management platform. It provides a wide variety of of tools to manage an organization’s IT infrastructure, including hardware, software, and related services.

This post aims to help with deploying and setting up a GLPI instance in a SMB environment.

Key Features

• Asset Management:
  • Tracks hardware components such as computers, servers, and peripherals.
  • Manages software licenses, installations, and updates.
  • Handles consumables and spare parts.
• Service Desk:
  • Provides a ticketing system for incident and request management.
  • Supports user requests, incident reports, and problem tracking.
  • Includes features for SLA management.
• Financial Management:
  • Tracks expenses related to IT assets.
  • Manages contracts and warranties.
• Reporting and Statistics:
  • Generates detailed reports and statistics on IT assets and service desk activities.
  • Provides dashboards for monitoring key performance indicators.
• Project Management:
  • Facilitates the planning and tracking of IT projects.
  • Manages tasks, milestones, and resources.
• Knowledge Base:
  • Maintains a repository of documents and solutions.
  • Allows users to access self-service resources.
• User Management:
  • Manages user accounts and access rights.
  • Integrates with directory services like LDAP and Active Directory.
• Plugins and Customization:
  • Supports a wide range of plugins for additional functionalities.
  • Customizable to meet specific organizational needs.

Licensing

There is no difference in terms of access; the free version has no user or asset limits. The free version is self-hosted, the paid version runs in GLPI's cloud and provides official support and access to extra plugins.

Requirements

This guide will deploy the on-prem version of GLPI a Docker environment, using docker compose, so the requirements are straightforward:

• A Linux host (Ubuntu Server for this example)
• Docker
• Docker Compose
• Time zone correctly set on the host

Installation

The Docker compose will deploy the key components of GLPI:

• Webserver: Apache
• PHP
• Database: MySQL (but you can use MariDB if you prefer)

Docker Compose:

version: '3.8'

services:
  glpi:
    image: diouxx/glpi:latest
    container_name: glpi
    restart: always
    ports:
      - "8888:80"
    environment:
      MYSQL_ROOT_PASSWORD: CHANGEME2
      MYSQL_USER: glpi_user
      MYSQL_PASSWORD: CHANGEME1
      MYSQL_DATABASE: glpi
      GLPI_INSTALL_PLUGINS: example_plugin
      TIMEZONE: Europe/London
    volumes:
      - glpi_data:/var/lib/glpi
      - glpi_logs:/var/log/glpi
    depends_on:
      - db

  db:
    image: mysql:5.7
    container_name: glpi_db
    restart: always
    ports:
      - "8889:3306"
    environment:
      MYSQL_ROOT_PASSWORD: CHANGEME2
      MYSQL_DATABASE: glpi
      MYSQL_USER: glpi_user
      MYSQL_PASSWORD: CHANGEME1
      
    volumes:
      - db_data:/var/lib/mysql

volumes:
  glpi_data:
  glpi_logs:
  db_data:

• Change the placeholder values and port numbers.
• Deploy the stack.

cd ~
mkdir glpi_docker
cd gpli_docker
nano compose.yml
docker-compose up -d
docker ps

• Visit http://{hostIP}:8888:
  • Select the language
  • Accept the T&Cs
  • Click Install and Continue.
  • Enter the database information, in this example:
    • SQL Server: {Host IP}:8889
    • SQL User: glpi_user
    • SQL Password: CHANGEME1
  • Select the existing glpi database and click Continue.
  • Sign in with the default credentials glpi glpi.

Configuration

To create a base configuration of GLPI, we will set up the basics.

Credentials

By default, GLPI ships with the following accounts:

glpi/glpi: Super Admin

• tech: technical account
• normal/normal: standard account
• post-only/postonly: post-only account

GLPI comes with 7 default roles. These can be viewed here, but depending on the type of organization, you may want to create custom roles, or even eliminate using some of the default ones in cases of small teams.

Navigate to Administration > Users and delete all accounts except for glpi. Change the defaul username and password for the glpi account, leaving it the only static account (besides the glpi-system account). All other users will be synced through LDAP.

Remove the Installer

Post-installation, the installer module is no longer required and leaving it accessible is actually considered a security vulnerability. This can be removed by accessing the container through the host and removing the file.

• Open an SSH session with the docker host machine.
• docker exec -it glpi /bin/bash
• cd /var/www/html/glpi/install
• rm ./install.php
• Refresh GLPI's web interface.

Email Setup

To be able to send and receive emails, configure the service mailbox to be used with the system. This mailbox will be used for ingress messages (eg. tickets) as well as for outgoing communications from the system.

This example will use a regular Gmail account for simplicity. Make sure the credentials are ready and if using Gmail, make sure to generate an app password first.

There are three main components at play with email notifications and messages:

• Notifications: For outbound emails.
• Receivers: For inbound emails.
• Rules: To convert inbound emails to tickets.

Enable Anonymous Ticket Creation
Navigate to Setup > General > Assistance > Enable Allow anonymous ticket creation (helpdesk.receiver) and Allow anonymous followups (receiver).

Notifications
Navigate to Setup > Notifications.

• Turn on Enable Followup and click Save.
• Turn on Enable followups via email and save.
• Click the Email followups configuration option in the right-hand menu and update the form with the following information:
  • Administrator email address: Your email address
  • Email sender address: Your email address
  • Reply-To address: Your email address
  • Administrator Name: Any value (will be shown as the platform admin)
  • Email Sender Name: Any value (will be shown as the sender name)
  • Reply-To name: Any value (will be shown as the reply-to name)
  • Email Signature: Set the signature used in every email sent from GLPI.
  • Way of sending emails: This refers to the protocol, change it to SMTP+TLS
  • Check Certificate: Yes
  • SMTP Host: smtp.gmail.com
  • Port: 465
  • SMTP Login: Your email address
  • SMTP password: Your app password (with the original spaces every 4 characters)9
  • Email Sender: Your email address
• Before sending out a test email, click Save.
• Test the email functionality.

Receivers

First, enable IMAP access on Gmail: Settings > Forwarding and POP/IMAP > IMAP access > Enable IMAP > Save changes.

Navigate to Setup > Receivers > Add:

• Name: Any identifier
• Active: Yes
• Server: smtp.gmail.com
• Connection options: IMAP SSL
• Incoming Mail Folder: Inbox
• Port: 993
• Login: Your email address.
• Password: Your app password (with the original spaces every 4 characters)
• Use mail date, instead of collect one: Yes

Click Save, then click on Actions > Get email tickets now. This will collect emails that can be raised as tickets. Now, you may notice mail collection does not trigger automatically. To set up automatic email collection follow these steps:

• Navigate to Setup > Automatic Actions
• Select Mailgate action:
  • Run Frequency: 1 minute
  • Run Mode: CLI
  • Run Period: 0-24
  • Number of days this action logs are stored in days: 30
  • Number of emails to retrieve: 100
  • Comments: 100
  • Save it.
• Navigate to Setup > Automatic Actions
• Select queuednotification:
  • Change the run mode to CLI.
  • Save it.

ITIL Categories

To create ITIL ticket categories, head to Setup > Dropdowns > Assistance > ITIL Categories.

LDAP

Accounts are synced through an LDAP directory. If you do not already have an LDAP server, I recommend deploying LLDAP, a simplified LDAP platform with an easy-to-use web UI:

version: "3"

volumes:
  lldap_data:
    driver: local

services:
  lldap:
    image: lldap/lldap:stable
    ports:
      - "2312:3890"
      - "2313:17170"
    volumes:
      - "lldap_data:/data"
    environment:
      - UID=1000
      - GID=1000
      - TZ=Europe/London
      - LLDAP_JWT_SECRET=REPLACE
      - LLDAP_KEY_SEED=REPLACE
      - LLDAP_LDAP_BASE_DN=dc=yourdomain,dc=uk

After deployment, log in to the web UI at {HostIP}:2313 (admin/password) and create users.

To set up LDAP sync on GLPI, navigate to Setup > Authentication > LDAP directory > Add:

• Name: Any name to identify the directory
• Default Server: Yes
• Active: Yes
• Server: IP of the LDAP server
• Port: 2312
• BaseDN: dc=yourdomain,dc=com
• Use Bind: Yes
• RootDN: cn=admin,ou=People,dc=yourdomain,dc=com
• Password: password

Users are not automatically imported from LDAP to GLPI. To set up an auto-sync, crontab will be used in the GLPI docker container as follows:

• Open an SSH session with the docker host machine.
• docker exec -it glpi /bin/bash
• crontab -e

*/30 * * * * cd /var/www/glpi/scripts && php -q -f ldap_mass_sync.php -- action=1 server_id=1
*/30 * * * * cd /var/www/glpi/scripts && php -q -f ldap_mass_sync.php -- action=0 server_id=1

Customisation

Custom Logo:
To set a custom logo for the platform, navigate to Administration > Entities > Root Entity > UI Customization > Enable CSS Customization and paste in the template:

body.welcome-anonymous .card-body { background-color:#cfdcea}
body.welcome-anonymous .glpi-logo {
    --logo:url(https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Google_2015_logo.svg/800px-Google_2015_logo.svg.png);
      content: var(--logo);
    height: 190px;
      width: 829px;
}

.page .glpi-logo {
  background: url("https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Google_2015_logo.svg/800px-Google_2015_logo.svg.png") no-repeat;
  background-size: 100px 50px;
}

Remove the Automatically Generated by GLPI text in emails

• Open an SSH session with the docker host machine.
• docker exec -it glpi /bin/bash
• cd /var/www/html/glpi/src/
• apt-get update
• apt-get install nano
• nano NotificationTemplate.php
• Remove or replace the string "Automatically Generated by GLPI".

Conclusion

This wraps up the basic configuration of GLPI. The system is extremely comprehensive and requires time to learn how to use it effectively. However, the effort invested in mastering GLPI will pay off in streamlined operations and improved asset management.