跳到主內容

開源網路裝置管理系統 LibreNMS - CentOS 7

這是一套從 Jason Cheng大看到文章發現到還不錯用監控軟體。

111.09.06 更新 php 及資料庫套件,這應該是最後一版本不會再修正了。

運行環境


  環境都是在 「Proxmox VE 」 虛擬系統上架設,都是以 「 LXC 」模式為主,除非有特殊狀況會告知使用 「 VM 」 模式

  • 系統環境: CentOS 7
  • Web 服務: Nginx 1.22
  • PHP 服務: PHP 8.1
  • 資料庫服務: MariaDB 10.8

安裝過程


安裝 web 服務

  • 新增 nginx 官方來源庫 vim /etc/yum.repos.d/nginx.repo
#這是目前穩定的版本
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

#這是開發本版
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
  • 安裝可以選擇指定的 yum 的套件
yum install yum-utils -y
  • 指定要安裝的版本
yum-config-manager --enable nginx-mainline
  • 安裝 nginx 服務
yum install nginx -y
  • 啟動及設定自動啟動服務
systemctl start nginx ; systemctl enable nginx
安裝資料庫

  • 新增加 MariaDB 官方來源庫 vim /etc/yum.repos.d/MariaDB.repo
# MariaDB 10.8 CentOS repository list - created 2022-09-06 09:14 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
baseurl = https://ftp.ubuntu-tw.org/mirror/mariadb/yum/10.8/centos7-amd64
gpgkey=https://ftp.ubuntu-tw.org/mirror/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
  • 安裝資料庫
yum install MariaDB-server MariaDB-client -y
  • 啟動資料庫
systemctl start mariadb ; systemctl enable mariadb
  • 資料庫安裝及設定
mariadb-secure-installation   # 設定資料庫的root密碼

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n]    <----- 直接按下 enter 鍵
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]               <----- 直接按下 enter 鍵
New password:                                 <----- 輸入 root 密碼
Re-enter new password:                        <----- 再次輸入 root 密碼
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
  • 在 my.cnf 檔手動增加以下內容
vim /etc/my.cnf

innodb_file_per_table=1
lower_case_table_names=0
  • 新增加 LibreNMS 表單 mariadb -u root -p
CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';  <----- 這裡的 password 修改成您自己記的住密碼
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
  • 重啟資料庫
systemctl restart mariadb
安裝 php 服務

  • 安裝 php 必要套件
yum install -y epel-release yum-utils
  • 新增 php 來源庫及安裝版本指定成 php8.1
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php81
  • 安裝 php 及其他必要套件
yum install -y cronie fping git ImageMagick jwhois mtr MySQL-python net-snmp net-snmp-utils nmap php-fpm php-cli php-common php-curl php-gd php-mbstring php-process php-snmp php-xml php-zip php-memcached php-mysqlnd python-memcached rrdtool python3 python3-pip
安裝 Librenms 服務

  • 新增加 librenms 使用者
useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms nginx
  • 下載 Librenms 服務
cd /opt
git clone https://github.com/librenms/librenms.git
  • 設定權限
chown -R librenms:librenms /opt/librenms
chmod 770 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
chgrp apache /var/lib/php/session/
  • 安裝 LibreNMS 及 php 相關套件
su - librenms
./scripts/composer_wrapper.php install --no-dev
exit
設定 php 服務

  • 安裝好 PHP 要去修改 vim /etc/php.ini 設定檔時區
修改時區
[Date]
修改前
;date.timezone = 
修改後
date.timezone = Asia/Taipei
存檔
:wq

# 指令修改
sed -i "s|^;date.timezone =.*$|date.timezone = Asia/Taipei|" /etc/php.ini
  • 設定 php-fpm vim /etc/php-fpm.d/www.conf
;user = apache
user = nginx

group = apache   ; keep group as apache

;listen = 127.0.0.1:9000
listen = /run/php-fpm/php-fpm.sock

listen.owner = nginx
listen.group = nginx
listen.mode = 0660
  • 設定開機自動啟動及重啟服務
systemctl enable php-fpm ; systemctl restart php-fpm
設定 Web 服務

  • 新增加 LibreNMS 設定檔
vim /etc/nginx/conf.d/librenms.conf
  • 將以下內容貼到剛剛新增加設定檔,修改連線位置
server {
    listen 80;
    server_name librenms.example.com;
    root /opt/librenms/html;
    index index.php;

    charset utf-8;
    gzip on;
    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location /api/v0 {
        try_files $uri $uri/ /api_v0.php?$query_string;
    }
    location ~ \.php {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}
  • 重啟 web 服務
systemctl restart nginx
設定 SNMP 服務

  • 從樣版複製一份
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
  • 編輯設定檔將 「RANDOMSTRINGGOESHERE」 修改或預設 public
vim /etc/snmp/snmpd.conf
  • 下載 librenms-agent 套件
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd ; systemctl restart snmpd
設定排程

  • 從 Librenms 目錄下複製到 cron.d 裡面
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
  • 複製預設的設定檔
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
開始安裝 LibreNMS

  • 開啟瀏灠器輸入 http://librenms.example.com/install.php (站台位置)
  1. 檢測安裝環境是否有正常,如果出現異常要把缺的套件都安裝起來才能正常運行

librenms-centos7-01.png

  1. 填入要連接的資料庫名稱及登入帳號及密碼按下 Check Credentials

librenms-centos7-02.png

  1. 會自動建立資料庫裡面表單,按下 Build Database

librenms-centos7-03.png

  1. 系統正在建立資料欄位中

librenms-centos7-04.png

  1. 填入要登入的系統管理員的帳號、密碼及電子郵件

librenms-centos7-05.png

  1. 系統會自動產出設定檔,按下 validate you install 系統會自動檢查目前設定檔是否那有問題並且會提示如何修改。

librenms-centos7-06.png

  1. 這樣子就安裝完成,接下來就可以正常登入系統了

librenms-centos7-07.png

  • 設定完之後建議跑一下下面的指令
sudo chown -R librenms:librenms /opt/librenms
sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/



參考相關網頁