開源網路裝置管理系統 LibreNMS

這是一套從 Jason Cheng大看到文章發現到還不錯用監控軟體。 109.09.14 因新公司要安裝 LibreNMS 服務,之前的安裝方式是 CentOS 7 版本使用,那剛剛去查看官方網站已經修改為 CentOS 8,因此本篇會重新修改為官方所提供的版本流程。

安裝環境


本工作室環境都是在 「Proxmox VE 」 虛擬系統上架設,都是以 「 LXC 」模式為主,除非有特殊狀況會告知使用 「 VM 」 模式

  • 系統環境: CentOS 8
  • Web 服務: Nginx 1.18
  • PHP 服務: PHP 7.4
  • 資料庫服務: MariaDB 10.5

安裝 web 服務


  • 安裝 Nginx 先決條件
dnf install yum-utils -y
  • 設定 yum 存儲庫,在此目錄下新增一個 vim /etc/yum.repos.d/nginx.repo 屬於 官方提供載點
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
  • 會建議使用 stable 穩定版本,如果想使用比較最新的版本請使用 nginx-mailine 會以當時官方釋出的版本為主,目前 BUBU 是使用官方比較新版為主
yum-config-manager --enable nginx-mainline
  • 安裝 nginx 服務
dnf install nginx -y
  • 啟動服務
systemctl start nginx ; systemctl enable nginx

安裝資料庫


新增加MariaDB安裝檔
vim /etc/yum.repos.d/MariaDB.repo
  • 再填入內容為以下
# MariaDB 10.5 CentOS repository list - created 2020-09-14 08:26 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos8-amd64
module_hotfixes=1
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
  • 增加完畢後在下命令安裝
dnf install MariaDB-server MariaDB-client -y
  • 資料庫安裝及設定
systemctl start mariadb ; systemctl enable mariadb   # 啟動資料庫服
mysql_secure_installation   # 設定資料庫的root密碼

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 第一次設定,直接按 Enter 鍵即可
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] 按 Y 設定資料庫 root 密碼
New password: 輸入新密碼
Re-enter new password: 再次輸入新密碼
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 按 Y 移除anonymous users
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 按 Y 關閉 root 遠端登入
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 按 Y 移除資料表 test
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 按 Y 重新載入資料表權限
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

mysql -u root -p   # 登入資料庫裡設定資表及權限

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password'; #密碼修改成要登入的密碼
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
  • server.cnf 檔手動增加以下內容
vim /etc/my.cnf.d/server.cnf

[mysqld]
innodb_file_per_table=1
lower_case_table_names=0
  • 重啟資料庫
systemctl restart mariadb

安裝 PHP 服務


  • CentOS 8 預設版本是 PHP 7.2 版,那如果想要使用比較新的版本的話需要新增加來源庫安裝
  • 安裝 epel-release 套件服務
dnf install -y epel-release
  • 安裝官方所提供來源庫版本
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
  • 查詢目前可安裝的版本
dnf module list php
  • 執行結果如下 php-lnmp-01.png

  • 使用 PHP 7.4 版本

dnf module reset php
dnf module enable php:remi-7.4 -y

安裝必要套件


dnf -y install epel-release
dnf install -y bash-completion cronie fping git ImageMagick mariadb-server mtr net-snmp net-snmp-utils nmap php-fpm php-cli php-common php-curl php-gd php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-PyMySQL python3-redis python3-memcached python3-pip rrdtool unzip
  • 安裝作曲家
# 將dirs更改為我們希望將composer安裝到的位置
cd /usr/local/bin   

# 安裝 composer
curl -sS https://getcomposer.org/installer | php   

# 重新命名 composer
mv composer.phar composer  

新增加 librenms 使用者


useradd librenms -d /opt/librenms -M -r -s /usr/bin/bash
usermod -a -G librenms nginx

下載 Librenms 服務


cd /opt
git clone https://github.com/librenms/librenms.git

設定權限


chown -R librenms:librenms /opt/librenms
chmod 771 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

安裝 PHP 依賴套件

su - librenms
./scripts/composer_wrapper.php install --no-dev
exit

設定 php 服務

  • 安裝好 PHP 要去修改 「vim /etc/php.ini」 設定檔
修改時區
[Date]
修改前
;date.timezone = 
修改後
date.timezone = Asia/Taipei
存檔
:wq
  • 設定「php-fpm」「vim /etc/php-fpm.d/www.conf
;user = apache
user = nginx

group = apache   ; keep group as apache

;listen = 127.0.0.1:9000
listen = /run/php-fpm/php-fpm.sock

listen.owner = nginx
listen.group = nginx
listen.mode = 0660
  • 設定開機自動啟動及重啟服務
systemctl enable php-fpm ; systemctl restart php-fpm

Web服務設定


  • 設定 NGINX 服務設定檔
vim /etc/nginx/conf.d/librenms.conf
  • 新增一個設定檔, 編輯 server_name 設定檔
  • 舊版的設定
server {
  listen 80;
  server_name librenms.example.com;
  root /opt/librenms/html;
  index index.php;

  charset utf-8;
  gzip on;
  gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }
  location /api/v0 {
    try_files $uri $uri/ /api_v0.php?$query_string;
  }
  location ~ \.php {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
  }
  location ~ /\.ht {
    deny all;
  }
}
  • 新版本設定
server {
  listen 80;
  server_name librenms.example.com;
  root /opt/librenms/html;
  index index.php;

  charset utf-8;
  gzip on;
  gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }
  location ~ [^/]\.php(/|$) {
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    #  fastcgi_pass unix:/run/php-fpm-librenms.sock;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #  include fastcgi.conf;
    include fastcgi_params;
  }
  location ~ /\.(?!well-known).* {
    deny all;
  }
}
  • 重啟服務
systemctl restart nginx

啟用 lnms


ln -s /opt/librenms/lnms /usr/local/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

設定SNMP


  • 針對 Librenms 設定如下
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

vim /etc/snmp/snmpd.conf
  • 編輯將 「RANDOMSTRINGGOESHERE」 修改或預設 public
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd

設定排程


  • 從 Librenms 目錄下複製到 cron.d 裡面
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
  • 複製預設的設定檔
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

開始安裝 LibreNMS


  • 開啟瀏灠器照著下面輸入
http://該服務的ip/
  1. 檢測安裝環境是否有正常,如果出現異常要把缺的套件都安裝起來才能正常運行

libreNMS-01.png

  1. 填入要連接的資料庫名稱及登入帳號及密碼

libreNMS-02.png

  1. 會自動建立資料庫裡面表單

libreNMS-04.png

  1. 確認完成的畫面,直接按下下一個圖示繼續

libreNMS-05.png

  1. 填入要登入的系統管理員的帳號、密碼及電子郵件

libreNMS-06.png

  1. 已產生管理者的帳號

libreNMS-07.png

  1. 安裝完成了的畫面,可以點選 Validate 這個選項確認說服務是否有正確安裝完成

libreNMS-08.png

  1. 設定 config.php 權限
chown librenms:librenms /opt/librenms/config.php

最後確認 Final steps


  • 如果安裝有問題,請在「librenms」目錄下以「root」身份運行「 validate.php 」
cd /opt/librenms
./validate.php
  • librenms 權限來執行確認
sudo su - librenms
./validate.php



參考相關網頁